The Protection of Personal Information Act (POPI) sets conditions for how you can process information. It has been signed by the President and is law. You will only have one year from the commencement date to comply or face significant consequences. There is also a business case for POPI. There have been many false starts, but now is the time to act. If your organisation processes personal information, then complying with POPI is your problem. Those in the Financial Services, Healthcare and Marketing sectors, in particular, will be affected by this Act. Why does it matter? What could happen to you if you don’t comply?
- Suffer reputational damage
- Lose customers and fail to attract new ones
- Pay out millions in damages to a civil class action
- Be fined up to R10 million or face 10 years in jail
This is serious, you need to take action now. You can also get business value out of complying with POPI – there is a strong business case.
Attend a seminar, webinar, workshop, or executive briefing presented by an expert with practical experience. We give examples throughout.
- Get an overview of this complex law and know what practical action to take.
- Get expert practical legal advise and guidance, but use your resources.
- Save time and fast track your compliance efforts whilst still applying good management principles.
- Identify your main areas of concern.
- Get a working understanding of the effect of privacy and protection of personal information issues on your organisation.
- Get a bird’s eye view and a detailed analysis of the specific practical issues that concern you.
- Find out how to comply and implement POPI in your organisation.
- Find solutions to fill gaps.
- Plan what you need to do, and when.
- Make your POPI project a success.
- Get up-to-speed quickly.
Our public seminars in October, November, February, May, August, September and October were well received. We are running more public seminars on:
- 11 March 2014 (9am to 4pm) at the Silverwood Manor, Bryanston, Johannesburg - To reserve your seat click here
- 25 April 2014 (9am to 4pm) at the Southern Sun, Elangeni, Durban – To reserve your seat click here
- 8 May 2014 (9am to 4pm) at the Southern Sun, Newlands, Cape Town – To reserve your seat click here
- 15 July 2014 (9am to 4pm) at the Silverwood Manor, Bryanston, Johannesburg - To reserve your seat click here
One delegate is R3,477 (including VAT). Two or more qualifies for a 10% discount. We will serve lunch and refreshments. We limit delegate numbers, so bookings are done on a first come, first served basis. We aim to give practical insights that you can use to be effective. We do not give law lectures! We will refund you, if you do not think you received value.
Feedback from delegates
“I like the practical approach to the problem of compliance. In fact this is the first course that I have attended which actually shared a practical approach.”
“This is the first time that I have attended a regulatory training course that had truly practical elements to it. It was very beneficial and I feel I took away a lot of valuable ”action items””
“Having been to many presentations I have to congratulate the presenters for the focus of the material and for holding the interest of the audience at all times. As one that had not been exposed to the POPI Bill very much this encapsulated the bill and was presented in an understandable way. I was impressed that something this difficult was made clearer for me.”
“The workshop offered a practical, holistic approach on the subject of POPI compared to other workshops which are mostly just approaching the topic from a marketing perspective.”
“presents digested information, saving me hours and enabling execution”
What do we cover?
Overview of POPI, PPI Act, or POPIA
- POPI in 15 minutes – an overview so you don’t need to read it
- The key concepts and important definitions
- What does POPI cover?
- About the Information Regulator
- A balancing of rights
- POPI’s current status? What is the timeline?
- Does it apply retrospectively?
The practical impact of POPI on you
- How will POPI affect organisations? What is going to have the biggest impact?
- Mapping your activities that involve the processing of personal information
- Find out how to use our POPI Mapper to practically apply POPI to your activities
- What is your purpose?
- The manner of processing
- The role players – the data subject, responsible party and operator
- POPI in eight bullet points – the conditions
- The collection of personal information
- The notification of data subjects
- Information security safeguards - information security is required by law
- The extra conditions
- Communication with and marketing to customers or prospects (direct marketing). Opt in or opt out?
- Automated decision making
- Cross border transfers and lessons to be learnt from other countries in the world
- Cloud computing and data centers
Why privacy matters – the top risks
- The top privacy risks for organisations and individuals
- Some examples of the consequences of failing to protect personal information
- What are the fines and when could you go to jail?
- POPI in the context of IT Governance, Risk and Compliance (IT GRC)
- What are you required to comply with? What must you consider? A matrix of the ICT laws that apply to different issues.
- Who is responsible?
- The overlap between POPI and other laws and codes (like the NCA and the CPA)
Implementing effective and successful POPI projects or programs
- The process to follow
- Plan what you need to do for POPI in a practical way
- The questions you should you be asking and finding answers
- The governance around POPI, including your POPI team and the Information Officer
- The departments that will be affected
- Some quick wins you can do now
- How to interpret POPI
- The business case for POPI
- The components of a successful project
- Using Legal Frameworks
- How to stop the Information Regulator from seizing evidence
- Assess the impact of POPI on your organisation
- Do a gap analysis of your organisation.
- The documents that will be affected
- Getting authorisation from the Information Regulator
- An executive checklist
- Some tips on how to effectively comply with POPI
- Examples of how some specific organisations approach privacy and access to information. This is always useful to ensure that the session remains practical and applicable.
- Our insights on some good solutions – what to do and not do
Take Home Points and Action items
- The key take home points.
- Practical effective action you can take.
- Get a good understanding of the version of POPI that has been signed into law.
- Reduce the penalties for non-compliance, including fines up to R10 million or prison.
- Understand how to manage the personal information you process to comply with the law, address your customer’s demands, and protect your organisation.
- Work out who in your organisation is responsible.
- Know the impact of POPI on your organisation.
- Plan what you need to do for POPI in a practical way. There are many things you could do to comply with POPI, the key is to work out what you should do given limited resources and time. Now is the time to plan what you will do, when, and who will do it. Good planning, results in effective and meaningful actions that adds business value to the organisation.
- Implement some quick wins.
- Fast-track your efforts and focus on the right things.
- Reduce your overall cost of compliance.
- Minimise your risks.
- Find a practical method that suits you.
- Know where to start with your POPI project and make it a success.
“Very informative and I have a much better understanding” Steve Van Der Berg, CAafrica
We will give you:
- a copy of our comprehensive presentation covering POPI,
- a copy of the signed version of POPI, including a POPI word cloud,
- our POPI Mapper – a tool to map activities,
- access to the restricted premium content on www.michalsons.co.za,
- a spreadsheet you can use to record the mapping of your activities, and
- a list of POPI Action Items so that the session translates into practical action.
What sets us apart?
- We have significant practical experience dealing with these specific areas.
- Our sessions are interactive – you are able to ask questions, have your specific issues dealt with, and influence what gets discussed.
- Our sessions are tailored to the attendees – we ask you questions in advance so that we know what your issues are and your existing level of knowledge.
- We do not give sales pitches, which is unfortunately so often what speakers do at conferences.
- We provide insight and simplify the issues, which can only be done after practically applying POPI to real business issues.
- We empower you and do not try to entrench ourselves in your organisation.
- The topic gets covered more comprehensively when one person leads the discussion for a day, than many different people covering the same ground. It is not different people covering the same issues superficially in different ways.
- We cover the same ground in one day, rather than two. This saves you time and money. We tell you what you need to know, not everything.
We also offer this in the form of an executive briefing. Executives must have a high level understanding and how it will affect their organization. They must lead the development of successful compliance programs or projects and be able to explain them to boards of directors, investors, business partners and the general public. The briefing will help executives leverage their compliance efforts into positive public relations and business benefit. It is a shortened version of this workshop.
Who should attend? Why should they be aware of the laws?
- Legal advisors (corporate lawyers or in-house lawyers) – to provide good legal advice on privacy issues
- CIOs and IT Managers - to manage ICT
- IT Operators - to ensure that ICT operates
- IT Security officers - to secure ICT and personal information
- IT Governance officers and specialists - to govern ICT
- Information officers - to balance access to information and protection of information. To stay out of jail.
- Marketing Managers - to market in accordance with the law
- Compliance officers - to effectively comply with privacy laws
- Auditors and assurance providers (internal and external) – to audit and provide assurance regards privacy
- Risk Officers and Managers - to manage privacy risks
- HR and Payroll Managers – to ensure that the personal information of employees is protected
- Credit Managers – to ensure that personal information of creditors and debtors is protected
- Pension Fund Trustees – to ensure that the personal information of beneficiaries is protected
- Directors (executive and non-executive, CEOs and FDs) – to discharge their legal duties and direct the course of the organisation, Especially directors of organisations whose business is the processing of personal information.
Very intelligent, experienced and educated people often attend our workshops. They usually know more about their fields than we do, so we see ourselves as facilitators helping the group to explore the topic. We always encourage people to add their value at any stage.
Which organisations does POPI affect most?
Any organisation that processes a lot of personal information. This could be an organisation in the public (like the Department of Home Affairs) or private sector (like a bank or a medial aid). The industries that are most affected are Financial Services, Healthcare and Marketing. Banks, retailers, credit providers, insurance companies, medical aid companies, hospitals, direct marketers, business process outsources and telcos are some of the organisations on which POPI is high impact. The essence of some businesses is the processing of personal information – the impact on them are huge.
Who is the presenter?
John is a trusted independent legal adviser, who is a practising attorney. He is currently helping many people understand the impact of POPI on their organisations. He helps them to comply with POPI and implement effective privacy projects. He has also presented over 50 times on the topic. John is an information, communications and technology (ICT) lawyer. He has 13 years of practical experience applying his knowledge to organisations to help them grow and avoid legal problems, difficulties, and disputes. He is a member of the King III IT Governance Sub-Committee.
Depending on the format and the specific topics or attendees, some of the following people sometimes present.
Andrew is a practical and internationally experienced commercial attorney. His current main focus is consumer protection and information privacy law in an electronic environment. He has experience in both South Africa and the United Kingdom over a period of more than 10 years. He assisted organisations to assess and implement the EU Data Protection Directive, when that law was introduced. He has recently completed his LLM degree (specializing in ICT law) at the University of Cape Town, which included a dissertation on electronic information privacy law in South Africa.
- We have deep knowledge and expertise on POPI, and have a lot of expertise doing exactly this for organisations like ours. We are independent professional legal advisors with expertise on how to implement POPI. Our advice is privileged and the regulator cannot seize it.
- We have presented to well over 2,000 people on about 50 different occasions on POPI.
- We have recently assessed the impact of POPI (and the CPA) on various organisations, from dual listed multinationals to start-ups. In various industries, including financial services, healthcare, retail, and mining.
- We have successfully done many large projects on IT GRC, information security, and records management. We have also done many IT Legal Audits on many organisations.
- Lance Michalson and John Giles: co-authors of the South African chapter in “Global Privacy and Security Law” (2009), Aspen Publishers, http://www.globalprivacybook.com/.
For your benefit we adopt a multi-disciplinary approach and strong protected relationships exist with other professionals (like strategic management consultants, ICT management consultants, IT governance professionals, information security specialists, and consultants). We will invite the appropriate people depending on the audience.
How long is it?
It depends on the format – – the seminar and the workshop is a half or full day
The executive briefing is 45 minutes, plus 15 minutes for questions.
The webinar about 45 minutes.
“It’s an absolutely awesome platform from which I benefited immensely” Winston Seyama, Group Risk Management, Standard Bank Group Limited
If you are interested, please complete the form on the left or
We will contact you to find out more about your requirements or send you an invoice.
Our public workshops are at various venues around the country. We choose venues that are central so you can get to it easy, that have adequate parking, good food, and that ensure you are comfortable.
We are happy to give the seminar, workshop or executive briefing at your venue. If you want a personal in-house seminar at your offices, please contact us and we will send you a quote.