Are you a local company or multinational processing personal information in South Africa?

Author: Marco Schepers

Service: Corporate, Mergers & Acquisitions, Regulatory Compliance, and Data Protection & Privacy

If you are, do you know that South Africa has recently passed a new privacy law for local companies and multinationals who process personal information in South Africa. The new law is called POPIA (the Protection of Personal Information Act). If you are processing personal information in South Africa, you need to be aware of POPIA and ensure you comply with it. One such compliance step is to ensure that your organisation's most valuable asset, its people, are trained and skilled on information management and privacy around POPIA.

Andersen in South Africa offers bespoke POPIA awareness training and skills development to companies in various sectors, both locally and to multinationals. Our training programme focuses on the following key deliverables:

- we evaluate and get an understanding of your business and current POPIA compliance level;

- through an evaluation of your business and compliance needs, we develop a tailor made awareness training and skills development course for your organisation which is tailored to your organisations specific needs;

- training can be done virtually or in-person depending on your preference.

Our training and skills development offering can be tailored to the following key individuals of your organisation:


This can be a high level or in-depth technical session depending on your needs which can either be covered in a single 1 hour session or over multiple sessions. The purpose of these sessions would be to ensure the management of your organisation “buy-in” to the compliance requirements needed and lead from the front in driving a robust compliance strategy.

Information Officer

This is the person who is responsible for ensuring that your organisation complies with data protection law. Understanding their roles and obligations is of paramount importance and we aim to provide the information officer with the training, awareness and confidence to manage the organisations compliance and adherence to privacy laws. This requires an in-depth workshop to arm your information officer with the tools required to manage compliance both in the short and long term.

Data Owners

These would be your line managers or heads of department. These individuals would manage a specific service or product line and need to understand the controls that need to be implemented within that service or product line. A service or product line will be different in each organisation and therefore it is important that each receives specific attention on privacy risks and controls.


This would be your staff who on a daily basis actually process personal information. The most common element of non-compliance is human error and therefore it is important that this category of people understand the law, privacy risks to be aware of and controls and procedures in place to adhere to compliance levels and standards. This training session is practical and very hands on to ensure that staff are engaged and have a clean grasp of compliance.

Ensure you empower awareness within your organisation and reach out to us so we can assist you with any bespoke awareness training you require on POPIA and privacy management.

Contact Marco for assistance with Data Privacy and POPIA compliance