What We Do

POPIA Operational Compliance

South Africa’s Protection of Personal Information Act (POPIA) requires organisations to protect personal and sensitive data through practical, enforceable controls — not just policies. We help businesses and healthcare practices achieve real-world POPIA compliance by implementing the technical, operational, and governance measures required by law.

POPIA Risk Assessment & Gap Analysis

We assess how your organisation currently handles personal information and identify compliance gaps.

Includes:

  • Data flow and processing review

  • Risk identification (people, systems, vendors)

  • Compliance gap report with corrective actions

Information Officer Support & Registration

POPIA requires every organisation to appoint an Information Officer.

We assist with:

  • Information Officer role definition

  • Registration with the Information Regulator

  • Ongoing advisory and compliance support

Secure Data Handling & Protection

We implement reasonable technical and organisational safeguards as required by POPIA.

Controls include:

  • Data encryption (at rest & in transit)

  • Secure storage of business and patient records

  • Access control and user permissions

  • Secure cloud and backup solutions

Access Control & Identity Management

Only authorised users should access personal information.

We implement:

  • Role-based access control

  • Strong password and MFA policies

  • User activity logging and auditing

  • Secure offboarding of staff

Third-Party (Operator) Compliance

Vendors processing personal data must also be POPIA-compliant.

We support:

  • Operator risk assessments

  • POPIA-compliant operator agreements

  • Vendor security validation

Breach Detection & Incident Response

POPIA mandates breach detection and notification.

Our approach includes:

  • Continuous monitoring for unauthorised access

  • Incident response planning

  • Breach notification support (Regulator & data subjects)

  • Incident documentation and reporting

POPIA Policies & Documentation

Compliance must be documented and provable.

We provide:

  • POPIA Privacy Policy

  • Information Security Policy

  • Incident Response Policy

  • Data Processing Registers

  • Patient and client consent templates

Staff POPIA Awareness Training

Human error is the leading cause of data breaches.

Training covers:

  • Handling personal and health information

  • Email and phishing awareness

  • Password and device security

  • Legal responsibilities under POPIA

Data Retention & Secure Disposal

Personal information must not be kept longer than necessary.

We implement:

  • Data retention schedules

  • Secure deletion of digital data

  • Physical document disposal processes

  • Disposal audit logs

Request a Consultation

Contact us today to learn more about our training programs and how we can support your organisation’s cyber security goals.

We respond within 1 business day.