Loading Courses

Get to grips with POPIA regulations with virtual online training

This is not just a course on the POPI Act, this is a bootcamp to kick start your response to the POPI Act. This course is designed to get you busy. Classroom time will leave you with completed POPI tasks and practical plans that you can immediately implement in your business. You will be doing a lot of thinking, discussing, and planning! Enrol your management team and support functions to achieve exponential benefits.

You will address each of the responsibilities of the Information Officer outlined in the POPIA Regulations.

1.1     DAY 1 – Here’s looking at you!

We start by mapping out your business and the data that you manage, then

comparing that to the penalties outlined in POPIA. Then we look at the roles and responsibilities required by the POPI Act.

By the end of the class, you will have

  • A risk assessment of those areas of your business that are impacted by POPI
  • Exactly what POPI expects from the head of your organisation and your management team, and the extent of personal liability on these individuals.

1.2     DAY 2 – Get ahead of what your customers will expect from you

The type and size of your clients dramatically changes how much risk POPI presents to you. Many companies start their POPI programme because of a client insisting on a privacy policy or a data process agreement or they might include POPI (or privacy and data protection) in their next due diligence assessment. You need to demonstrate that you are mature enough as an organisation to be trusted with their data, but what does that mean exactly?

By the end of the class, you will have:

  • A risk analysis of your client base with your most at-risk areas prioritised
  • An understanding of the POPI changes needed for your most at-risk client

1.3     DAY 3 – A direct tackle on direct marketing

To really get going, we grab the bull by the horns and create a plan to get your direct marketing sorted out. Why focus on direct marketing? It is arguably the most public and most common privacy issue in nearly all businesses. It is also a practical way to introduce most of what you need to know about the POPI Act.

By the end of the class, you will have:

  • A definitive answer on exactly how POPI impacts on your direct marketing and what you need to do about it

1.4     DAY 4 – Know who you are in bed with

After direct marketing, the level of risk posed by suppliers, vendors and other third parties has proven to be a high impact risk for reputation and regulatory compliance.

By the end of the class, you will have:

  • A high-level privacy risk assessment of your suppliers and vendors
  • Ideas on how to mitigate those risks

1.5     DAY 5 – Limit that risky business.

POPI (and other privacy legislations around the world), mandate that you must do some very specific things, like audit how you manage personally identifiable information and assess the risks your business may be creating for other people. In this module, you will learn the fundamental capabilities that you need in order to manage privacy in your organisation. You will also complete one of the key responsibilities that the Information Regulator will expect to see in place if they ever audit you.

By the end of the class, you will have:

  • A high-level privacy/personal information impact assessment for your most risky process
  • A plan to manage any future data breaches
  • A plan to conduct privacy awareness training

1.6     DAY 6 – Safe and secure systems

POPI requires “reasonable organisational and technical measures” be in place to protect and secure personal information. In this module we leverage a practical approach for understanding your business systems and technologies. If you don’t know your network from your server and feel unsure whether a spreadsheet is a database, fear not! You can fake it until you make it! The tools we use will allow you to get handle on what’s cooking before you hand over the detailed assessment to your tech teams.

By the end of the class, you will have:

  • A high-level privacy/personal information impact assessment for your most risky system
  • A plan to identify any future data breaches
  • A draft security & privacy policy

1.7     DAY 7– Opening up to transparency and participation.

One requirement in POPI that can have a high impact on you, is the requirement to enable people to contact you about their data (i.e., “data subject participation” in POPI-speak). It’s a requirement that can introduce risk if not thought through properly. Which is why we are going to focus in on ensuring you implement the right level of procedures that are sustainable for your business. While we are on the topic of communicating externally, we will address the very important aspect of interacting with the Information Regulator and the requirement for a privacy manual.

By the end of the class, you will have:

  • Draft procedures and forms that satisfy POPI Regulations for access, amendment, deletion and objections
  • A plan to identify and address any privacy notices that are inadequate
  • Assigned responsibilities for interacting with the Information Regulator
  • A draft Privacy and Access to Information Manual, as required by the POPIA regulations

1.8     DAY 8 – Wrapping it up and looking ahead

On the last day, we consolidate what you have learnt into a formal compliance framework and a clear plan. We will also look at the marketplace of privacy frameworks, standards, tools, legal services and management systems so that you are well placed to negotiate before you purchase any privacy tools, and so that you can decide whether you need a formal privacy audit.

By the end of the class, you will have:

  • A privacy compliance framework, as required by POPIA regulations and a defensible response to crazy privacy demands from clients or potential clients
  • A POPI compliance implementation plan prioritised against your unique risks

Course Objective

Get POPI-fit with just 8-hours of classroom time. Be able to respond to all customer privacy queries with confidence within 2-weeks.

Who should attend?

Business owners, partners, managing directors, directors and management teams of medium sized business or small businesses that handle large volumes of personal information.

The course is also useful for product owners, operations managers, and risk or compliance officers, or any role that supports policy makers and business leadership teams.


No prior knowledge of POPIA is required. No IT skills are required.

You will need the following:

  • Access to a computer with microphone and video capability that can access a Zoom meeting. You cannot conduct this course via a mobile phone.
  • We recommend you have headphones or a good external speaker
  • Spreadsheets will be provided in Microsoft Office Excel and Google Sheets formats. You will need a spreadsheet app that can support either of those formats.
  • Access to information about your organisation such your suppliers, customers, business processes and systems, contracts, etc.

Course Duration

The course consists of a total of 8-hours of classroom training split into eight x 1-hour modules run over 2 consecutive weeks. Time commitment required from you includes an additional 2 to 3 hours per day to complete practical assignments and classroom preparation.

Course Cost

R 4 934 incl vat

Caroline has 25 years’ experience in IT systems development, IT service management and Information Governance consulting. She has worked with over 20 IT Departments in 4 different countries (hot tip: IT is the same everywhere). She has been working on POPI compliance and privacy and data protection projects since 2017.

She has a degree in Communications. This combined with her experience in POPI compliance management and IT Management, she is well placed to help you drive privacy through at the 3-P’s (People, Process and Products) of your business.

Please note that Caroline is not a legal practitioner and cannot provide legal advice or legal services


Email info@velisaafrica.co.za or complete the form below.
Please advise if you wish to make a corporate booking for 4 or more from the same company.

Share this on social media