South African Protection of Personal
Information Act (POPIA) Compliance

VeraSafe offers a complete solution to help you comply with South Africa’s most extensive law on the protection of personal information. Our specialist privacy professionals and IT security experts are uniquely placed to provide a holistic approach to compliance.

Thank You

Thank You!

We’ll be in contact shortly.

Take the First Step Towards POPIA Compliance Today

POPIA is South Africa’s comprehensive privacy law which commenced on July 1, 2020. It imposes compliance requirements on any natural or juristic person who processes personal information. Additionally, POPIA creates broad privacy rights for data subjects, making it necessary for responsible parties to rethink their personal information processing practices.

VeraSafe’s POPIA compliance program pairs your relevant business units and in-house attorneys with specialized privacy professionals and attorneys, information security experts, and project managers, making your POPIA consulting team uniquely cross-functional. In contrast to a more traditional law firm, VeraSafe embraces the complex intersection of IT and law.

VeraSafe Will Operationalize a Cost-Effective,
Business-Facilitating POPIA Compliance Program for Your Organization

VeraSafe’s POPIA compliance program includes:

Data Mapping and Discovery

VeraSafe guides you through a discovery exercise, to develop your records of data processing activities (as required by POPIA and the Promotion of Access to Information Act (PAIA)). This record becomes an essential information resource for purposes of POPIA and PAIA compliance.

Notice and Consent

If relevant, we will analyze your organization’s current data collection points and recommend ways to implement consent management, or improve the quality of the consent acquired, as required by POPIA. VeraSafe will review your organization’s privacy policy and consent forms, and propose improvements to the existing documents, or draft new ones, as necessary, to comply with POPIA.

Privacy Rights

VeraSafe will analyze your personal information processing practises and identify any compliance gaps, such as instances where data subject rights (including the right to be notified, right to correction, erasure or destruction and the right to object) are not supported. Our team will help you mitigate all compliance risks and develop realistic risk-based solutions to close critical compliance gaps.

Vendor Risk Management

POPIA includes specific security and confidentiality obligations which you must pass down to any service provider (i.e., operator) you engage to process personal information on your behalf. VeraSafe has a mature methodology, and extensive experience to successfully negotiate POPIA-compliant data processing addenda with service providers. Additionally, we help you assess vendor compliance with the necessary security safeguards.

Library of SOP Templates

VeraSafe’s extensive library of data protection related standard operating procedure templates can be easily customized to fit your particular circumstances. We also have considerable expertise and experience with refining our client’s existing procedures to help ensure your operations comply with applicable privacy laws.

Personal Information Impact Assessment (“PIA”)

Before starting new personal information processing initiatives under the POPIA, a personal information impact assessment must be performed to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information. VeraSafe offers complete assistance and impartial advice on your PIA, in addition to a PIA template and documented PIA procedure template for your Information Officer to use in conducting your own PIAs in compliance with Regulation 4(1)(b) of the POPIA Regulations.

Privacy Training for Staff

VeraSafe provides tailored privacy and security training, which can be applied across your entire organization to help you document and demonstrate compliance.

Compilation of PAIA Manuals

VeraSafe can assist you with creating and updating your organization’s PAIA Manual in compliance with Section 51 of PAIA. Our data mapping process enables us to easily identify the information to be included in the organization’s PAIA manual (such as the details to facilitate a request for access to a record of the organization, a description of the data subjects that the organization body holds records on and the categories of records held on each data subject, the purposes of processing personal information, details about transborder flows of personal information and an assessment of the suitability of your organization’s data security measures).

Analysis of Transborder Transfers of Personal Information

VeraSafe will analyze your transborder flows of personal information to ensure that valid data transfer mechanisms are in place so that personal information can be lawfully and safely transferred across borders, in compliance with Chapter 9 of POPIA.

Key contacts

Karl Laureau

Karl Laureau

CIPP/E

Partner

Zia Maharaj

Zia Maharaj

CIPP/E, CIPP/US, CIPM, GCP for Clinical Trials (ICH Focus)

Partner

Kellie du Preez

Kellie du Preez

CIPP/E

Partner

Schedule an Introductory Call

Contact VeraSafe today for more information and to discuss the scope and cost related to your POPIA compliance effort.

Why VeraSafe?

 

Track record of implementing complex privacy regulations across industries.

Work directly with our in-house team of South African, US and European attorneys, IT experts, and project managers.

Strategic, risked-based approach to compliance.

Fully customizable POPIA program, tailored to fit your needs.

Holistic approach: We help you identify business opportunity hidden inside POPIA.

Going beyond just South African privacy law, VeraSafe is your end-to-end partner for the entire privacy and cybersecurity domain.