POPI Act training courses available via Zoom
Privacy is the constitutional right of everyone in South Africa and is entrenched in the "Bill of Rights". The POPI Act gives effect to this constitutional right of privacy by requiring safeguards for personal information processed by public and private bodies. Non-compliance may have serious consequences.
This 1 day course provides delegates with an overview of POPI and the significant obligations placed on those business leaders identified as the "responsible parties" and "information officers". All public and private bodies will be affected by the requirements of this legislation. Various technical and organisational arrangements will be necessary.
Accountability for something as important as privacy protection and the protection of the organisation’s reputation rightly belongs with the Council and executive managers. Many functions (e.g. Legal, Operations, Information Systems, Public Affairs, Marketing) will need to bring their practices into line to ensure that the organisation’s response is consistent and serves the organisation’s enterprise-wide goals and strategies.
The collection of personal information must be for a specifically defined, lawful purpose related to a function of the responsible party. The processing of data must be for a legitimate purpose. Data subjects must be aware of the collection of the data. Adequate business controls are required to maintain data integrity, and information security must meet international standards. Data must be retained only for as long as necessary and then it must be destroyed.
Participants will obtain an overview of POPI and its implications for their organisations. On completion of this seminar, participants will be able to:
Participants will learn through discussion and practical examples how to address the organisational, procedural, technical, and legal requirements for the POPI.
This seminar includes topics about:
The POPI Act requires all public and private bodies to ensure that how they use personal information is lawful, that there are systems in place for the protection of personal information, and there are processes for handling requests from the Information Regulator and individuals (i.e. data subjects). Developing a POPI compliance framework is essential for these purposes.
The POPI Act has been finalised. All public and private bodies are required to record their processing of personal information in their PAIA Information Manual prior to actually processing it.
All public and private bodies are required to ensure that the processing of personal information is lawful and that personal information in their possession is always secure. Failure to do so could have serious consequences and may result in criminal proceedings and civil claims for damages.
The POPI Act specifies eight conditions for the lawful processing of personal information. Regardless of whether the organisation is a large corporate, government department, school or research organisation, it will have to ensure that the processing of personal information is lawful and all personal data in its possession is properly acquired, secured and destroyed when obsolete.
Seminar Objectives
Participants will obtain an understanding of the statutory requirements for the processing of personal information. On completion of this 2 day seminar, participants will be able to:
Seminar Outline
Participants will learn through discussion and practical examples how to prepare for and address the organisational, procedural, technical and legal requirements of the legislation for the POPI Act.
This seminar includes topics about:
The POPI Act requires all public and private bodies to ensure that how they use personal information is lawful, that there are systems in place for the protection of personal information, and there are processes for handling requests from the Information Regulator and individuals (i.e. data subjects). This course will delve into the impact of POPI on HR.
The POPI Act requires that responsible parties ensure that any processing of personal information conforms to all eight conditions for the lawful processing of personal information. The processing of human resources (HR) information of job applicants and employees is an area of high risk.
Privacy is a human right, protected by the South African Constitution. Individuals whose personal data is misused may feel particularly aggrieved that there has been an interference with their individual right to privacy, request the Information Regulator to take action and seek compensation.
Just because you can do something doesn't make it legal. Obtaining consent from employees, most often, is pointless.
Participants will obtain an understanding of the legislative requirements for the processing of personal information that apply to human resource management.
On completion of this 2 day seminar, participants will be able to:
Participants will learn through discussion and practical examples how to prepare for and address the organisational, procedural, technical and legal obligations for processing human resources information in conformance with the POPI Act.
This seminar includes topics about:
Responsible parties – those individuals who, alone or in conjunction with others, determine the purpose of and means for processing personal information – are required by the POPI Act to ensure compliance with the conditions for lawful processing of personal information, and the measures that give effect to these conditions.
The POPI Act requires accountability for any processing of personal information. Heads of public bodies, CEOs of private bodies and the business leaders identified as “responsible parties” who control the purpose and means for processing information are required to ensure compliance with the conditions of lawfully processing personal information set out in the Act.
Business leaders and responsible parties who fail to fulfil their obligations defined in this Act may be charged personally with a criminal offence and face civil claims for damages.
It is the responsibility of the “Responsible Parties” identified by the CEO and listed in the PAIA to ensure that personal information is processed lawfully and in a reasonable manner that does not infringe the constitutional rights of individuals to privacy.
Participants will gain a general understanding of the legal obligations placed on “Responsible Parties”. On completion of this 1 day seminar, participants will be able to:
Participants will learn through discussion and practical examples how to address the obligations placed on responsible parties by the POPI Act.
This seminar includes topics about:
It is the responsibility of the "Information Officer" to encourage their organisation's responsible parties to process personal information lawfully and in a reasonable manner that does not infringe the constitutional rights of individuals to privacy. Information Officers need a sound understanding of the eight conditions for processing personal information and what is reasonable so that they are able to provide advice regarding compliance with the POPI Act.
The POPI Act requires heads of public bodies and CEOs of private bodies to register their Information Officers with the Information Regulator so that data subjects and the Information Regulator can contact them, make requests and investigate the lawfulness of the processing of personal information.
Information Officers have specific statutory responsibilities which, if not fulfilled, have serious consequences, including the possibility of a jail sentence.
This 2 day course will assist Information Officers and Deputy Information Officers to understand their role and responsibilities under the Promotion of Access to Information Act (PAIA), the POPI Act and other legislation.
At the conclusion of this course, delegates will be able to:
Participants will learn through discussion and practical examples how to advise their CEO and responsible parties.
This seminar includes topics about:
The POPI Act stipulates that every public and private body making use of operators must ensure that operators who process personal information for the responsible party establish and maintain generally accepted information security practices and procedures which may apply to it generally or specifically.
The POPI Act requires accountability for any processing of personal information. Heads of public bodies, CEOs of private bodies and the business leaders identified as "responsible parties" who control the purpose and means for processing information are required to ensure compliance with the conditions of lawfully processing personal information set out in the Act.
The responsible party must clarify, in written contracts with its operators and other service providers, the services the operators are commissioned to provide. The transfer of personal information to the operator must be limited to what is necessary for the operator to fulfil its contractual obligations.
Operators may not process personal information unless commissioned by responsible parties and the purpose is compatible with the original purpose of collection.
Participants will gain a general understanding of the legal obligations placed on Responsible Parties to manage operators and other service providers. On completion of this 1 day seminar, participants will be able to:
Participants will learn through discussion and practical examples how to commission and manage operators engaged by the responsible parties to provide services that process personal information.
This seminar includes topics about:
AUDITING THE LAWFUL PROCESSING OF PERSONAL INFORMATION
The Protection of Personal Information Act requires compliance with eight conditions for the lawful processing of personal information, including the continuous improvement of the safeguards that give effect to these conditions. Regular auditing of compliance with these eight conditions is an important compensating control that the Information Regulator will consider when investigating reports of non-compliance.
Overview
This 2 day course provides delegates with an understanding of how to lead, plan, execute and report an organisation’s compliance with the eight conditions for the lawful processing of personal information. Delegates will learn about the audit objectives and scope, the audit process, tests to be performed when assessing the current status, the privacy practices and the controls.
Internal audits of the processing of personal information are an important compensating control that the Information Regulator will expect when investigating an interference with an individual’s right to privacy.
This seminar will help participants understand the business risks and audit process that is required to evaluate the processing of personal information and to provide assurance to the responsible parties, information officer and regulator.
Seminar Objectives
Participants will gain an understanding of the requirements of the POPI Act and the audit process to be followed to give assurance.
On completion of this seminar participants will be able to:
Seminar Outline
Participants will learn through discussion and practical examples how to undertake an audit of the POPI programme, the processing of personal information and the privacy practices and controls necessary for the Protection of Personal Information Act.
This seminar includes topics about:
THE PROTECTION OF PERSONAL INFORMATION ACT REQUIRES ALL PUBLIC AND PRIVATE BODIES TO IMPLEMENT EFFECTIVE TECHNICAL AND ORGANISATIONAL MEASURES FOR ERP
A responsible party must ensure that the conditions set out in Chapter 3 of the Protection of Personal Information Act, and all the measures that give effect to such conditions, are complied with at the time of the determination of the purpose and means of the processing and during the processing itself.
Overview
Enterprise Resource Planning (ERP) systems process a wide variety of business information, including many types of personal information. ERP systems have many features that can assist responsible parties with the protection of personal information. Omitting to use the available features could become a problem when a non-compliance with POPIA is reported to the Information Regulator.
Business leaders and responsible parties who fail to fulfill their obligations defined in this Act may be charged personally with a criminal offence and face civil claims for damages.
It is the responsibility of the “Responsible Parties” identified by the CEO and listed in the PAIA to ensure that personal information is processed lawfully and in a manner that does not infringe the constitutional rights that individuals have to privacy.
Seminar Objectives
Participants will gain a general understanding of the legal obligations placed on “Responsible Parties”. On completion of this 1 day seminar, participants will be able to:
Seminar Outline
Participants will learn through discussion and practical examples about the typical technical and organisational measures available in ERP systems.
This seminar includes topics about:
GENERALLY ACCEPTED INFORMATION SECURITY PRACTICES AND PROCEDURES FOR POPI
POPI requires responsible parties to implement generally accepted information security. ISO 27001 is an international standard widely recognised as the reference for generally accepted information security practices and procedures. ISO 27001 requires that organisations establish, document, implement and maintain an information management system to protect personal information.
Overview
This 2 day course provides delegates with an understanding of the technical and organisational measures for the protection of personal information using ISO 27001. Delegates also learn about the integrated process approach for information security management and how to extend their current activities in line with international standards.
The Protection of Personal Information Act requires that effective information security be implemented and continuously improved in accordance with generally accepted standards. An ISO 27001 information security management system will ensure that the information security strategy and practices are aligned with the enterprise’s business needs and strategic goals regarding privacy. An appropriate implementation of ISO 27001 will assist responsible parties to demonstrate their commitment.
Seminar Objectives
Participants will gain an understanding of the POPIA requirements and how to correctly implement an information security management system using ISO 27001. On completion of this seminar participants will be able to:
Seminar Outline
Participants will learn through discussion and practical examples how to design and implement the safeguards required to protect personal information in accordance with the ISO 27000 family of standards for information security management and the Protection of Personal Information Act.
This seminar includes topics about:
COBIT is an integrated Governance, Management and Operational process model comprising principles and enablers for processing information lawfully.
Few organisations have the experience and knowledge to effectively and efficiently plan a POPI programme. COBIT 5 is an internationally recognised framework for the governance and management of information and related technology that can be used for the lawful processing of personal information.
Overview
This 2 day course helps attendees understand how the COBIT 5 enablers can be used to effectively and efficiently plan, organise, direct and control a POPI programme using the COBIT 5 framework. The seven COBIT 5 enablers can enhance the maturity, capability and performance of the protection of personal information within an organisation.
The COBIT 5 principles and enablers provide a set of common dimensions and a structured approach to effectively address the conditions for lawfully processing personal information, and allow organisations to manage a set of complex interactions between the enablers and successfully implement the technical, organisational, and operational measures that enable the protection of personal information.
Seminar Objectives
Participants will gain an understanding of what should constitute a POPI programme, and how to plan, organise, direct and control the various activities necessary to implement the relevant COBIT 5 principles and enablers. This course will assist participants:
Seminar Outline
Participants will learn through discussion and practical examples how to adapt and use the COBIT 5 principles and enablers to address the business' requirements for the protection of personal information.
This seminar includes topics about:
GENERALLY ACCEPTED INFORMATION SECURITY PRACTICES AND PROCEDURES FOR POPI
POPI requires responsible parties to implement generally accepted information security. ISO 27001 is an international standard widely recognised as the reference for generally accepted information security practices and procedures. ISO 27001 requires that organisations establish, document, implement and maintain an information management system to protect personal information.
Overview
This 2 day course provides delegates with an understanding of the International Organisation for Standardisation’s (ISO) standard for information security management – ISO 27001. Delegates will learn about the integrated process approach for information security management and how to extend their current activities in line with international standards.
The Protection of Personal Information Act requires that effective information security be implemented and continuously improved. An ISO 27001 information security management system (ISMS) ensures that the information security strategy and practices are aligned with the enterprise’s business needs and strategic goals regarding privacy. An appropriate implementation of ISO 27001 will assist responsible parties to demonstrate their commitment to have properly addressed the POPI requirements.
Seminar Objectives
Participants will gain an understanding of the ISO 27001 standard, its requirements and how to correctly implement an information security management system for POPI. On completion of this seminar participants will be able to:
Seminar Outline
Participants will learn through discussion and practical examples how to design and implement information security in accordance with the ISO 27001 requirements for information security management and the Protection of Personal Information Act.
This seminar includes topics about: