COURSE OBJECTIVE

 By the end of this course, learners will be able to understand and apply the core principles of the Protection of Personal Information Act (POPIA), identify compliance risks within their organisation, implement practical safeguards, and develop a structured POPIA compliance plan to protect personal information and reduce legal, financial, and reputational risk.

• Define key POPIA concepts and legal requirements
• Identify personal information within their organisation
• Respond correctly to Data Subject requests
• Implement security and breach response measures
• Develop a practical 90-day POPIA compliance roadmap

COURSE OVERVIEW

Target Audience:

• Business owners
• HR professionals
• Project managers
• IT teams
• Marketing teams
• Compliance officers

Outcome:

By the end of this course, participants will:

• Understand POPIA requirements
• Identify compliance risks
• Implement practical compliance steps
• Reduce legal and reputational exposure

COURSE STRUCTURE

Module 1

Introduction to POPIA (POPI Act)

• Why POPIA Was Introduced
• The Purpose of POPIA
• The Role of the Information Regulator
• Key Definition: Personal Information
• Key Definition: Responsible Party
• Key Definition: Operator
• Key Definition: Data Subject
• Key Definition: Processing of Personal Information

Module 2

The 8 Conditions for Lawful Processing

• Accountability
• Processing Limitation
• Purpose Specification
• Further Processing Limitation
• Information Quality
• Openness
• Security Safeguards
• Data Subject Participation

Module 3

Rights of Data Subjects under POPIA 

• Right to be informed
• Right to access
• Right to correction
• Right to deletion
• Right to object
• Direct marketing rules
• Consent requirements

Module 4

Responsibilities of Businesses

• Appointing an Information Officer
• Registering with the Information Regulator
• Developing a Privacy Policy
• Creating a PAIA Manual
• Data Retention Policies
• Third-party agreements (operators)

Module 5

Security & Data Breaches 

• What counts as a data breach?
• Mandatory breach notification process
• Reasonable technical & organisational measure
• Password Policies
• Encryption Basics
• Remote work risks
• Human vulnerabilities (phishing, weak passwords

Module 6

POPIA in HR, Marketing & IT 

• HR & POPIA
• Marketing & POPIA
• IT & POPIA

Module 7

Consequences of Non-Compliance 

• Administrative Fines
• Criminal Liability
• Civil claims
• Reputational damage
• Business interruption risks

Module 8

Building a POPIA Compliance Plan

• Conduct a data audit
• Identify risk areas
• Update contracts
• Train Staff
• Monitor & Review