COURSE OBJECTIVE
By the end of this course, learners will be able to understand and apply the core principles of the Protection of Personal Information Act (POPIA), identify compliance risks within their organisation, implement practical safeguards, and develop a structured POPIA compliance plan to protect personal information and reduce legal, financial, and reputational risk.
- Define key POPIA concepts and legal requirements
- Apply the 8 Conditions for Lawful Processing
- Identify personal information within their organisation
- Respond correctly to Data Subject requests
- Implement security and breach response measures
- Develop a practical 90-day POPIA compliance roadmap
COURSE OVERVIEW
Duration Options:
- 6–8 Module Online Course
Target Audience:
- Business owners
- HR professionals
- Project managers
- IT teams
- Marketing teams
- Compliance officers
Outcome:
By the end of this course, participants will:
- Understand POPIA requirements
- Identify compliance risks
- Implement practical compliance steps
- Reduce legal and reputational exposure
COURSE STRUCTURE
Module 1
Introduction to POPIA (POPI Act)
- Why POPIA Was Introduced
- The Purpose of POPIA
- The Role of the Information Regulator
- Key Definition: Personal Information
- Key Definition: Responsible Party
- Key Definition: Operator
- Key Definition: Data Subject
- Key Definition: Processing of Personal Information
Module 2
The 8 Conditions for Lawful Processing
- Accountability
- Processing Limitation
- Purpose Specification
- Further Processing Limitation
- Information Quality
- Openness
- Security Safeguards
- Data Subject Participation
Module 3
Rights of Data Subjects under POPIA
- Right to be informed
- Right to access
- Right to correction
- Right to deletion
- Right to object
- Direct marketing rules
- Consent requirements
Module 4
Responsibilities of Businesses
- Appointing an Information Officer
- Registering with the Information Regulator
- Developing a Privacy Policy
- Creating a PAIA Manual
- Data Retention Policies
- Third-party agreements (operators)
Module 5
Security & Data Breaches
- What counts as a data breach?
- Mandatory breach notification process
- Reasonable technical & organisational measures
- Password Policies
- Encryption Basics
- Remote work risks
- Human vulnerabilities (phishing, weak passwords)
Module 6
POPIA in HR, Marketing & IT
- HR & POPIA
- Marketing & POPIA
- IT & POPIA
Module 7
Consequences of Non-Compliance
- Administrative Fines
- Criminal Liability
- Civil claims
- Reputational damage
- Business interruption risks
Module 8
Building a POPIA Compliance Plan
- Conduct a data audit
- Identify risk areas
- Update contracts
- Train Staff
- Monitor & Review




