South African Protection of Personal
Information Act (POPIA) Compliance

VeraSafe guides you through a discovery exercise, to develop your records of data processing activities (as required by POPIA and the Promotion of Access to Information Act (PAIA)). This record becomes an essential information resource for purposes of POPIA and PAIA compliance.

If relevant, we will analyze your organization’s current data collection points and recommend ways to implement consent management, or improve the quality of the consent acquired, as required by POPIA. VeraSafe will review your organization’s privacy policy and consent forms, and propose improvements to the existing documents, or draft new ones, as necessary, to comply with POPIA.

VeraSafe will analyze your personal information processing practises and identify any compliance gaps, such as instances where data subject rights (including the right to be notified, right to correction, erasure or destruction and the right to object) are not supported. Our team will help you mitigate all compliance risks and develop realistic risk-based solutions to close critical compliance gaps.

POPIA includes specific security and confidentiality obligations which you must pass down to any service provider (i.e., operator) you engage to process personal information on your behalf. VeraSafe has a mature methodology, and extensive experience to successfully negotiate POPIA-compliant data processing addenda with service providers. Additionally, we help you assess vendor compliance with the necessary security safeguards.

VeraSafe’s extensive library of data protection related standard operating procedure templates can be easily customized to fit your particular circumstances. We also have considerable expertise and experience with refining our client’s existing procedures to help ensure your operations comply with applicable privacy laws.

Before starting new personal information processing initiatives under the POPIA, a personal information impact assessment must be performed to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information. VeraSafe offers complete assistance and impartial advice on your PIA, in addition to a PIA template and documented PIA procedure template for your Information Officer to use in conducting your own PIAs in compliance with Regulation 4(1)(b) of the POPIA Regulations.

VeraSafe provides tailored privacy and security training, which can be applied across your entire organization to help you document and demonstrate compliance.

VeraSafe can assist you with creating and updating your organization’s PAIA Manual in compliance with Section 51 of PAIA. Our data mapping process enables us to easily identify the information to be included in the organization’s PAIA manual (such as the details to facilitate a request for access to a record of the organization, a description of the data subjects that the organization body holds records on and the categories of records held on each data subject, the purposes of processing personal information, details about transborder flows of personal information and an assessment of the suitability of your organization’s data security measures).

VeraSafe will analyze your transborder flows of personal information to ensure that valid data transfer mechanisms are in place so that personal information can be lawfully and safely transferred across borders, in compliance with Chapter 9 of POPIA.