pmi pdu's


Skill Level suited for


Course Duration


LANGUAGE Course presented in

Course Overview

Protection of Personal Information Act (POPI) touches every organisation. All employees who deal with personal information from databases to personnel records need to be aware of the requirements of the POPI which is to be fully regulated soon. Compliance with the POPI is an essential requirement for all organisations. Existing organisations under the POPI are expected to be compliant.  Complying requires awareness of the rules and regulation amongst staff members and knowing what staff can and/or cannot do. 

This invaluable and practical workshop will examine how POPI law applies to your organisations, what can and cannot be done with staff and customers’ information and the rights and obligations of information users and information subjects.  We will also address what you can expect once POPI is fully regulated.

  • Understand, implement and comply with the POPI Act
  • Apply the key principles relating to collecting, accessing and using personal data
  • Identify and avoid unlawful collection or disclosure of personal information
  • Understand, implement and comply with the POPI Regulations
  • Identify and rectify noncompliance in your organisation
  • Identify and rectify noncompliant records management in your organisation

Course Starts in:


Let's get you registered!

Explore What We Are Doing Better

Tacit Skills accepts EFT / Instant EFT / Credit Cards (Mastercard & VISA)

Payments made securely by Payfast & Paypal


Request Quotation

Delegates who would like to request a quotation can easily do this by clicking here.


Deposit Option

Take advantage of our installment option. Secure your spot with a 25% deposit – settle the remaining balance before start of the course. 



Delegates can pay the course in 3 easy installments. The first installment requires a 50% Deposit. Thereafter the delegate as 60 Days to pay the remaining balance. No certificate or CPD points will be allocated until full balance has been paid.

what does POPI do?

POPI is applicable to any person, business or entity that processes personal information of data subjects, for example profit companies, non-profit companies, hospitals and medical practitioners, medical schemes, insurers, attorneys, estate agents, government departments, state owned companies and entities and municipalities (collectively referred to as “responsible parties”), and also to any person, business or entity that processes personal information on behalf of a responsible party, for example IT vendors or medical scheme administrators (referred to as “operators”).

Processing involves anything that is done with personal information and includes the collection, use, storage, dissemination, modification or destruction of personal information. The following are important information processing principles:

  • Accountability: Businesses must ensure that the information processing principles are adhered to.
  • Processing restriction: Processing must be done lawfully, and personal information may only be processed if it is sufficient, relevant and not excessive given the purpose for which it is processed.
  • Specific purpose: Personal information must be collected for a specific, defined and legal purpose in relation to a function or activity of the business concerned.
  • Transparency: Certain prescribed information must be provided to the data subject by the business, including the information collected, the name and address of the responsible party, the purpose for which the information is collected and whether the information provided by the data subject is voluntarily or mandatory.
  • Further processing restrictions: This is where personal information of a third party is received and transferred to another responsible party for processing.
  • Security measures: The business must protect the integrity of the personal information in its possession and under its control by ensuring that measures are in place to prevent loss of, damage to or unauthorised destruction of personal information.
  • Data subject participation: A data subject has the right to: request personal information that the business holds for free; 2. update or destroy personal information that is incorrect, irrelevant, superfluous, misleading or unlawful; and 3. destroy a record of personal information that is unnecessary for the business to keep”.

Organisations (whether they be public, private, big or small), and anyone processing personal information, will have to align their processing activities to POPI. Therefore it is imperative that the processing of personal information is done in a lawful manner. Organizations therefore need to ensure the safety of the information they have access to, protecting individuals from data breaches and information theft

Who is this course for?

  • Anyone who handles personal information on a regular basis as part of their job functions from the following departments: 
  • Legal
  • Information Technology
  • Compliance 
  • Human Resources 
  • Customer Services
  • Internal Audit 
  • Sales & Marketing 
  • Accounts.

what's included in this course

course Outline

Protection of Personal Information Act (POPI) At the Workplace

  • Appreciate who and what is covered by Protection of personal Information rules
  • Understand the organization’s policy and aims on personal information use
  • Overview of the POPI Act
  • Know and apply the core principles for personal information use

Criminal Offences and Liabilities under the POPI

  • Punishment for contravention of the Act 
  • Understanding POPI offences
  • Contravention of the Protection of personal Information principles
  • Processing of sensitive personal information
  • Unlawful collection or disclosure of personal information

Session Duration: 3 Hours of Live Training

Notice and Choice Principle 

  • When do you need to seek the consent of information subjects? 
  • How do you seek consent and exemptions to consent 
  • Channels of serving Notice to employees, contractors, supplies, vendors and visitors
  • Guidelines on Consent 
  • Recognise when, and for what purpose staff / customer information may be used
  • Questions to ask when collecting information

Ensuring Total Compliance – The What, When and How

  • What do companies need to do in order to comply? 
  • When do companies need to fully comply? 
  • The Employer’s Perspective – Change of Approach Required?
  • Understanding applications to employment relationships
  • How do companies set up an effective compliance framework? 

Session Duration: 3 Hours of Live Training

Creating and Implementing POPI Policies / Initiatives

  • Assessment on effective POPI programme management
  • Pinpointing overlaps between POPI, employment and labour law
  • Document implementation of tools such as Notices to address information security gaps in your own organization
  • Identify the potential breaches in your current organization

Session Duration: 3 Hours of Live Training

Benefit and Risks of POPI

  • Benefits and challenges in being POPI complaint
  • Understanding the implementation of POPI and the stages of Employment -Pre/Beginning/During and End of Employment
  • Potential privacy related risks to organisations 
  • Case study on personal information issues and impacts 

Understanding the Impact of the Protection of Personal Information Act on Records Management

  • Clarifying responsibilities records management personnel involved in the processing of organisation information
  • Understanding the objective of POPI
  • How does this affect the Records Management Department?
  • Defining the purpose of information gathering and processing
  • Outlining Records management practices that do not comply with POPI

Session Duration: 3 Hours of Live Training

Protection of Personal Information Act (POPI) – Records Management Compliance Challenges

  • Identifying key changes on keeping corporate records
  • Understanding the practical challenges and new liabilities that POPIcame with
  • Exploring ways to get prepared and minimise impact on your organization
  • Ways to ensure that the entire organization is compliant with POPI Laws
  • Addressing key regulatory issues that will affect the records management department the most
  • Knowing how to monitor, evaluate, and assess compliance with external legal and regulatory requirements related to Records Management
  • POPI Regulation

Session Duration: 3 Hours of Live Training

Some Feedbacks

What our delegates are saying

What People Say About Us

Client Testimonials

Meet the Instructor

Gavin Weiman

Gavin Weiman is a highly experienced attorney, consultant and training facilitator, with extensive (over 25 years) legal experience and (over 19 years) business consulting and training facilitation experience.

Gavin has been providing legal and contract centric consulting services, training and skills transfer services to commercial business, public entities and other consulting organizations and training organizations. His special area of interest is contracting and the law and its relationship to business and the economic world.