Enquire now

  • This field is for validation purposes and should be left unchanged.

POPI Act – Protection of Personal Information

Print This Post

The Protection of Personal Information Act (POPI Act or POPI law) sets conditions for how you can process information. It has been signed by the President and is law. You will only have one year from the commencement date to comply or face significant consequences. There is also a business case for the POPI Act. There have been many false starts, but now is the time to act. If your organisation processes personal information, then complying with POPI is your problem. Those in the Financial Services, Healthcare and Marketing sectors, in particular, will be affected by this Act. Why does it matter? What could happen to you if you don’t comply?

  • Suffer reputational damage
  • Lose customers and fail to attract new ones
  • Pay out millions in damages to a civil class action
  • Be fined up to R10 million or face 10 years in jail

This is serious, you need to take action now. You can also get business value out of complying with POPI – there is a strong business case.

We offer a seminar, webinar, workshop, or executive briefing on this topic presented by an expert with practical experience.  We give examples throughout. 

  • Get an overview of this complex law and know what practical action to take.
  • Get expert practical legal advise and guidance, but use your resources.
  • Save time and fast track your compliance efforts whilst still applying good management principles. 
  • Identify your main areas of concern.
  • Get a working understanding of the effect of privacy and protection of personal information issues on your organisation.
  • Get a bird’s eye view and a detailed analysis of the specific practical issues that concern you.
  • Find out how to comply and implement POPI in your organisation.
  • Find solutions to fill gaps.
  • Plan what you need to do, and when.
  • Make your POPI project a success.
  • Get up-to-speed quickly.

Public seminars on the POPI Act or POPI law

Our Protection of Personal Information Act (POPI Act) public seminars in 2012, 2013 and 2014 were well received. We are running more POPI public seminars  on:

  • 14 October 2015 from 10:00-17:00 at the Slow in the City, cnr West & Rivonia Roads, Sandton, Johannesburg - To reserve your seat click here
  • 22 October 2015 from 09:00-16:00 at the Southern Sun, Newlands, Cape Town - To reserve your seat click here
  • 10 November 2015 from 09:00-16:00 at the St James on Venice,  Durban - To reserve your seat click here


One delegate is R3,477 (including VAT). Two or more qualifies for a 10% discount. We will serve lunch and refreshments. We limit delegate numbers, so bookings are done on a first come, first served basis. We aim to give practical insights that you can use to be effective. We do not give law lectures! We will refund you, if you do not think you received value.

Feedback from delegates

“I like the practical approach to the problem of compliance. In fact this is the first course that I have attended which actually shared a practical approach.”

“This is the first time that I have attended a regulatory training course that had truly practical elements to it. It was very beneficial and I feel I took away a lot of valuable ”action items””

“Having been to many presentations I have to congratulate the presenters for the focus of the material and for holding the interest of the audience at all times. As one that had not been exposed to the POPI Act very much this encapsulated the bill and was presented in an understandable way. I was impressed that something this difficult was made clearer for me.”

“The workshop offered a practical, holistic approach on the subject of POPI compared to other workshops which are mostly just approaching the topic from a marketing perspective.”

“presents digested information, saving me hours and enabling execution”

What do we cover?

Overview of the POPI Act, PPI Act, or POPIA

  • POPI in 15 minutes – an overview so you don’t need to read it
  • The key concepts and important definitions
  • What does POPI cover?
  • About the Information Regulator
  • A balancing of rights
  • POPI’s current status? What is the timeline?
  • Does it apply retrospectively?

The practical impact of the POPI Act on you

  • How will POPI affect organisations? What is going to have the biggest impact?
  • Mapping your activities that involve the processing of personal information
  • Find out how to use our POPI Mapper to practically apply POPI to your activities
  • What is your purpose?
  • The manner of processing
  • The role players – the data subject, responsible party and operator
  • POPI in eight bullet points – the conditions
  • The collection of personal information
  • The notification of data subjects
  • Information security safeguards - information security is required by law
  • The extra conditions
  • Communication with and marketing to customers or prospects (direct marketing). Opt in or opt out?
  • Automated decision making
  • Cross border transfers and lessons to be learnt from other countries in the world
  • Cloud computing and data centers

Why privacy matters – the top risks

  • The top privacy risks for organisations and individuals
  • Some examples of the consequences of failing to protect personal information
  • What are the fines and when could you go to jail?


  • POPI in the context of IT Governance, Risk and Compliance (IT GRC)
  • What are you required to comply with? What must you consider? A matrix of the ICT laws that apply to different issues.
  • Who is responsible?
  • The overlap between the POPI Act and other laws and codes (like the NCA and the CPA)

Implementing effective and successful POPI projects or programs

  • The process to follow
  • Plan what you need to do for the POPI Act in a practical way
  • The questions you should you be asking and finding answers
  • The governance around POPI, including your POPI team and the Information Officer
  • The departments that will be affected
  • Some quick wins you can do now
  • How to interpret POPI
  • The business case for POPI
  • The components of a successful project
  • Using Legal Frameworks
  • How to stop the Information Regulator from seizing evidence
  • Assess the impact of POPI on your organisation
  • Do a gap analysis of your organisation.
  • The documents that will be affected
  • Getting authorisation from the Information Regulator
  • An executive checklist
  • Some tips on how to effectively comply with POPI
  • Examples of how some specific organisations approach privacy and access to information. This is always useful to ensure that the session remains practical and applicable.
  • Our insights on some good solutions – what to do and not do

Take Home Points and Action items

  • The key take home points.
  • Practical effective action you can take.


  • Get a good understanding of the version of the POPI Act that has been signed into law.
  • Reduce the penalties for non-compliance, including fines up to R10 million or prison.
  • Understand how to manage the personal information you process to comply with the law, address your customer’s demands, and protect your organisation.
  • Work out who in your organisation is responsible.
  • Know the impact of the POPI Act on your organisation.
  • Plan what you need to do for POPI in a practical way. There are many things you could do to comply with POPI, the key is to work out what you should do given limited resources and time. Now is the time to plan what you will do, when, and who will do it. Good planning, results in effective and meaningful actions that adds business value to the organisation.
  • Implement some quick wins.
  • Fast-track your efforts and focus on the right things.
  • Reduce your overall cost of compliance.
  • Minimise your risks.
  • Find a practical method that suits you.
  • Know where to start with your POPI project and make it a success.

“Very informative and I have a much better understanding” Steve Van Der Berg, CAafrica

Course Material

We will provide attendees with:

  • a copy of our comprehensive presentation covering POPI,
  • a copy of the signed version of POPI, including a POPI word cloud,
  • our POPI Mapper – a tool to map activities,
  • access to the restricted premium content on www.michalsons.co.za,
  • a spreadsheet you can use to record the mapping of your activities, and
  • a list of POPI Action Items so that the session translates into practical action, and
  • an audio recording of the event (private sessions only).

What sets us apart?

  • We have significant practical experience dealing with these specific areas.
  • Our sessions are interactive – you are able to ask questions, have your specific issues dealt with, and influence what gets discussed.
  • Our sessions are tailored to the attendees – we ask you questions in advance so that we know what your issues are and your existing level of knowledge.
  • You are able to network with other people at the event.
  • We do not give sales pitches, which is unfortunately so often what speakers do at conferences.
  • We provide insight and simplify the issues, which can only be done after practically applying POPI to real business issues.
  • We empower you and do not try to entrench ourselves in your organisation.
  • The topic gets covered more comprehensively when one person leads the discussion for a day, rather than many different people covering the same ground. It is not different people covering the same issues superficially in different ways.
  • We cover the same ground in one day, rather than two. This saves you time and money. We tell you what you need to know, not everything.

Executive briefing

We also offer this in the form of an executive briefing. Executives must have a high level understanding and how it will affect their organization. They must lead the development of successful compliance programs or projects and be able to explain them to boards of directors, investors, business partners and the general public. The briefing will help executives leverage their compliance efforts into positive public relations and business benefit. It is a shortened version of this workshop.

Who should attend and why?

Anyone tasked (or involved) with complying with POPI:

  • Legal advisors (corporate lawyers or in-house lawyers) – to provide good legal advice on privacy issues
  • CIOs and IT Managers - to manage ICT
  • IT Operators - to ensure that ICT operates
  • IT Security officers - to secure ICT and personal information
  • IT Governance officers and specialists - to govern ICT
  • Information officers - to balance access to information and protection of information. To stay out of jail.
  • Marketing Managers - to market in accordance with the law
  • Compliance officers - to effectively comply with privacy laws
  • Auditors and assurance providers (internal and external) – to audit and provide assurance regards privacy
  • Risk Officers and Managers - to manage privacy risks
  • HR and Payroll Managers – to ensure that the personal information of employees is protected
  • Credit Managers – to ensure that personal information of creditors and debtors is protected
  • Pension Fund Trustees – to ensure that the personal information of beneficiaries is protected
  • Directors (executive and non-executive, CEOs and FDs) – to discharge their legal duties and direct the course of the organisation, Especially directors of organisations whose business is the processing of personal information.

Very intelligent, experienced and educated people often attend our workshops. They usually know more about their fields than we do, so we see ourselves as facilitators helping the group to explore the topic. We always encourage people to add their value at any stage.

Which organisations does POPI affect most?

Any organisation that processes a lot of personal information. This could be an organisation in the public (like the Department of Home Affairs) or private sector (like a bank or a medial aid). The industries that are most affected are Financial Services, Healthcare and Marketing. Banks, retailers, credit providers, insurance companies, medical aid companies, hospitals, direct marketers, business process outsources and telcos are some of the organisations on which POPI is high impact. The essence of some businesses is the processing of personal information – the impact on them are huge.

Who is the presenter?

practical attorney from Michalsons. We will ensure the attorney is the best person to present the course depending on the type of course, the date, the specific issues and the attendees. Below are some examples of the people who might present.

John Giles

John is a trusted independent professional legal adviser, who is a practising attorney. He is currently helping many people understand the practical impact of POPI on their organisations. He helps them to comply with POPI and implement effective privacy projects. He has also presented over 50 times on the topic to thousands of people. John is an information, communications and technology (ICT) lawyer. He has 13 years of practical experience applying his knowledge to organisations to help them grow and avoid legal problems, difficulties, and disputes. He is a member of the King III IT Governance Sub-Committee.

Andrew Weeks

Andrew is a practical and internationally experienced commercial attorney. His current main focus is consumer protection and information privacy law in an electronic environment. He has experience in both South Africa and the United Kingdom over a period of more than 10 years. He assisted organisations to assess and implement the EU Data Protection Directive, when that law was introduced. He has recently completed his LLM degree (specializing in ICT law) at the University of Cape Town, which included a dissertation on electronic information privacy law in South Africa.

Relevant experience

  • We have deep knowledge and expertise helping organisations comply with POPI. We are independent professional legal advisors with expertise on how to implement POPI. Our advice is privileged and the regulator cannot seize it.
  • We have presented to well over 2,000 people on about 50 different occasions on POPI.
  • We are currently working with many organisations, from dual listed multinationals to start-ups. In various industries, including financial services, healthcare, retail, and mining.
  • We have successfully done many large projects on IT GRC, information security, and records management. We have also done many IT Legal Audits on many organisations.
  • Lance Michalson and John Giles: co-authors of the South African chapter in “Global Privacy and Security Law” (2009), Aspen Publishers.

Other professionals

For your benefit, we adopt a multi-disciplinary approach and strong protected relationships exist with other professionals (like strategic management consultants, ICT management consultants, IT governance professionals, information security specialists, and consultants).

How long is it?

We provide this course in different formats. Public and private sessions can last for anything from 45 minutes, half a day or a full day. We also provide eCourses that can be done via the Internet at your convenience. We welcome enquires for more information and details.

“It’s an absolutely awesome platform from which I benefited immensely” Winston Seyama, Group Risk Management, Standard Bank Group Limited


If you are interested, please complete the form on the left or

Enquire Now

We will contact you to discuss your requirements or send you an invoice.


Our public workshops are at various venues around the country. We choose venues that are central so you can get to it easy, that have adequate parking, good food, and that ensure you are comfortable. We are happy to hold the event at your venue. If you want a personal in-house session at your offices, please contact us for a quote.

Tags: , ,

No Comments Yet

Add your comment

You must be logged in to post a comment.

Twitter icon