Course overview

This course provides a detailed exploration of the Protection of Personal Information Act (POPIA) in South Africa, focusing on its application throughout the AI system lifecycle. It examines the eight core conditions for lawful processing and addresses compliance challenges at each stage—from data acquisition to decommissioning. Participants will gain practical insights into building trustworthy AI systems that integrate robust privacy principles, ensuring innovation aligns with data protection obligations.

Course objectives

Participants will obtain an understanding of:

1. Understand POPIA's Core Principles: Articulate the eight conditions for lawful processing and their relevance to AI systems.
2. Map the AI Lifecycle: Identify key stages and associated POPIA requirements, including data acquisition, preparation, training, deployment, retraining, and decommissioning.
3. Apply Compliance Measures: Implement technical and organizational safeguards, such as audits, documentation, and privacy-enhancing technologies.
4. Manage AI-Specific Risks: Address challenges like bias, data minimization, and trans-border flows in AI contexts.
5. Ensure Accountability and Governance: Develop frameworks for continuous monitoring, human oversight, and data subject rights.
6. Foster Ethical AI Development: Balance innovation with privacy, building systems that earn public trust.

Course outline

Participants will learn about:

Module 1: Introduction to POPIA and AI

POPIA Fundamentals: Eight conditions for lawful processing (Sections 8-25).

AI Challenges: Data-driven nature and compliance complexities.

Module 2: Data Acquisition and Preparation

Processing Limitation and Purpose Specification: Sections 9-12 and 13-15.

Measures: Data minimization, anonymization, and consent management.

Module 3: Model Training and Development

Data Quality and Security Safeguards: Sections 16 and 19-22.

AI-Specific Tools: Differential privacy, federated learning, and bias audits.

Module 4: Deployment and Operation

Openness and Notification: Sections 17-18.

Automated Decisions: Section 71 requirements for transparency and human intervention.

Module 5: Retraining and Maintenance

Ongoing Compliance: Monitoring, audits, and adaptation.

Trans-Border Flows: Section 72 considerations for international data.

Module 6: Decommissioning and Governance

Secure Retirement: Data deletion and system shutdown.

Framework Building: Governance for lifecycle-wide compliance.