Developing a compliance framework to address the obligations of the POPI Act


The POPI Act requires all public and private bodies to ensure that how they use personal information is lawful, that there are systems in place for the protection of personal information, and there are processes for handling requests from the Information Regulator and individuals (i.e. data subjects). Developing a POPI compliance framework is essential for these purposes.


The POPI Act has been finalised. All public and private bodies are required to record their processing of personal information in their PAIA Information Manual prior to actually processing it.

All public and private bodies are required to ensure that the processing of personal information is lawful and that personal information in their possession is always secure. Failure to do so could have serious consequences and may result in criminal proceedings and civil claims for damages.

The POPI Act specifies eight conditions for the lawful processing of personal information. Regardless of whether the organisation is a large corporate, government department, school or research organisation, it will have to ensure that the processing of personal information is lawful and all personal data in its possession is properly acquired, secured and destroyed when obsolete.

Seminar Objectives

Participants will obtain an understanding of the statutory requirements for the processing of personal Information. On completion of this 2 day seminar, participants will be able to:

Seminar Outline

Participants will learn through discussion and practical examples how to prepare for and address the organisational, procedural, technical and legal requirements of the legislation for the POPI Act.

This seminar includes topics about: