Pension funds (or retirement funds) process a lot of personal information, like the employment or financial history of a member, or personal information concerning a member’s health. They also process a lot of personal information about beneficiaries (who are sometimes children). Funds also have third parties (like administrators and other service providers) who process the personal information for them. The fund must protect this personal information to ensure that a thief does not steal the members benefits, savings or investments. It is the responsibility of the trustees to ensure that the fund processes personal information lawfully in accordance with the conditions for lawful processing in the Protection of Personal Information Act (POPI).

There is a growing trend that trustees are held personally liable (not the fund) for damages suffered by members. This course will help you to ensure that you do not have to pay money out of your own pocket. Good governance of funds is important because it leads to better outcomes, which in turn leads to better investment returns. Members trust you with their retirement benefits and their personal information. You need to ensure that trust is not lost.

We offer a presentation, seminar, workshop, or executive briefing on this topic by an expert with practical experience. We also offer an eCourse on request. We can also brief trustees at a trustee meeting.


  • See how POPI applies practically to a pension fund, including getting contributions and paying out benefits to members. Cut through the complexity.
  • Why is protecting personal information important?
  • Identify who performs what role. Who is the responsible party, the operator and the data subject?
  • Know who is responsible. Is it the trustees, principal officer, employer or administrator?
  • Understand what is required of you as a responsible party to process the personal information of beneficiaries lawfully.
  • Know what your responsibility for your operators entails. Is there trust?
  • Be aware of what could happen to the trustees (or the principal officer) if you process unlawfully.
  • Identify the Information Officer for a pension fund.
  • Plan the road ahead based on the POPI timeline.
  • Get a list of the practical and effective action items the trustees need to take.

Course material

We will provide attendees with:

  • a link to an electronic copy of our presentation,
  • our POPI Mapper – a tool to map activities,
  • a list of POPI Action Items so that the session translates into practical action,
  • an audio recording of the event (private sessions only), and
  • a certificate of attendance to enable you to demonstrate you are fit to act as a trustee (on request).

Who should attend and why?

  • Trustees – to discharge their duties. To be fit to be a trustee (or meet the fit and proper requirements) you need to have a working knowledge of POPI. To avoid personal liability for harm caused to a member.
  • Principal officers – to discharge their duties as the Information Officer of the fund.
  • Employers – to protect their employees.
  • Administrators – to administer funds in accordance with the law.

Public workshops

We will be running public workshops in Cape Town and Johannesburg in 2016

We limit delegate numbers, so bookings are done on a first come, first served basis. Send us an email if you’d like to be notified of  when our dates are finalised. We aim to give practical insights that you can use to be effective. We do not give law lectures! We will refund you, if you do not think you received value.

Private workshops

Although our public workshops are over for the year, we are able to provide private, in house workshops to you at your premises. Mail our support desk ( to get in touch to discuss a suitable date.

Who is the presenter?

David Luyt

David is a POPI professional. He is busy helping all kinds of businesses come to terms with POPI. He has a particular interest in pension fund administration and the broader financial industry, because they involve complex relationships between responsible parties and operators. We have to look to UK and European data privacy law to work out where the responsibility for protecting personal information lies. Sometimes it is easy to work out who the responsible party is, but often the relationship is more complex and a detailed analysis is required. The parties can even be jointly responsible in certain circumstances.

If David is unavailable for any reason, we will ensure that another practical attorney from Michalsons presents. We will ensure the attorney is the best person to present the course depending on the type of course, the date, the specific issues and the attendees.

How long is it?

We provide this course in different formats. Public and private sessions can last for anything from 45 minutes, half a day or a full day. We also provide eCourses that can be done via the Internet at your convenience. We welcome enquires for more information and details.


If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.


Our public workshops are at various venues around the country. We choose venues that are central so you can get to it easy, that have adequate parking, good food, and that ensure you are comfortable. We are happy to hold the event at your venue. If you want a personal in-house session at your offices at a trustee meeting, please contact us for a quote.