Certified personal information breach management

  • Level: Beginner
  • Price: R 6,000.00

Personal information breaches occur all the time, but certain breaches are more serious and necessitate a quick response and reporting to the Information Regulator. Should a report be made, the Information Regulator may launch an investigation and evaluate the entire breach management process before issuing an enforcement notice. This course will help you be prepared to handle a data breach, and more crucially, to navigate a post-breach investigation by the Information Regulator.


POPIA requires that a breach report be made “without undue delay, and where feasible” no later than 72 hours after becoming aware of the breach. For this obligation to be fulfilled, information must be gathered, facts investigated, potential harm diminished, recommendations developed, and the relevant reports for the Information Regulator prepared, completed, agreed with all relevant internal stakeholders, and filed with the Information Regulator. Compliance with these obligations is enhanced and facilitated by a formally defined process.

Breach notification is an organisational measure to protect data subjects and their personal information. Should an interference or breach occur, data subject trust is enhanced when responsible parties act swiftly to provide them with information on:

  • the risks presented as a result of the interference with their rights or breach of the protection for their personal data, and
  • the steps the affected data subjects can take to protect themselves from its potential consequences.


Course Topics:

  • Establish governance mechanisms (accountability)
  • Plan and prepare to handle personal information breaches
  • Develop breach detection capabilities
  • Record a breach
  • React to a breach
  • Analyse a breach
  • Assess breach notification obligations
  • Respect the legitimate interests of law enforcement
  • Escalate the breach, if necessary
  • Notify the Information Regulator
  • Notify the affected data subjects
  • Learn from and remediate the deficiencies that result in personal information breaches.


At the end of this course, attendees will better understand how to:

  • detect and promptly contain a breach
  • gather information
  • investigate the facts
  • assess the risk to data subjects
  • determine whether it is necessary to notify the Information Regulator
  • confirm how potential harm can be diminished
  • develop recommendations
  • prepare relevant reports for the Information Regulator
  • complete and agree reports with all relevant internal stakeholders
  • communicate the breach to the data subjects concerned when necessary
  • take remedial action, introduce additional security measures, or correct failures or deficiencies in the security measures.


Course Details

This is a 2-day course conducted in a virtual classroom.

The course ends with a short exam of twenty questions. This is necessary to confirm knowledge transfer to the attendee.

Once your registration is confirmed, you will receive a link to access the Virtual Classroom Platform using the credentials provided to you.

Cancellation/Refund Policy

All purchases of online learning courses are final. Access to the online learning courses and materials is immediate upon purchasing; therefore no refunds or exchanges will be provided. Prices are subject to change without notice.


This course can be taken any time after registration. 

