Compliance with POPIA – role of internal audit


Privacy training

Training is an important aspect of your POPIA compliance journey. The likelihood of complying with the requirements of POPIA is very slim if the individuals in your organisation do not understand the legislation and the role they need to fulfil to ensure that the purpose of POPIA is carried out appropriately.

NSA provides training at two levels:

  • executives (owners and directors of an organisation) and
  • employees (including management).

Training covers aspects such as the purpose of POPIA, insight into the key sections covered by POPIA and training specific to the organisation’s POPIA policy standards.


Data protection is at the forefront of the minds of boards, customers, users, and regulators. How you use data in the digital economy will require you to understand the connections between business, technology, people and regulation.


What is personal information?

POPIA broadly defines ‘personal information’ as any information that can identify an identifiable, living natural person or an identifiable, existing juristic person. POPIA is unique in the global data protection landscape in its protection of the personal information of juristic entities, and it will require organisations to rethink not only how they process their employee and customer personal information, but also how they deal with personal information in their business-to-business engagement activities.

What happens if I do not comply?

Non-compliance with POPIA can have serious repercussions for organisations, their employees and their customers.

  1. Impact on organisation
    • Financial penalties
    • Criminal sanctions
    • Loss of revenue resulting from negative press, damaged reputation
    • Losing customer trust
  2. Impact on employee
    • Disciplinary action and dismissal
    • Misuse of personal data
    • Private or confidential data being published



Key questions you should be asking:

  1. Where do I start?
  2. How can I prioritise my implementation activities to comply with POPIA?
  3. What is the POPIA impact for my organisation?
  4. What data do I process and why?
  5. Where is data stored?
  6. Who do I share data with and why?
  7. Is my data secure?
  8. How do I maximise the value of my data in a legally compliant way?
  9. Is my organisation affected by other privacy laws in countries I operate out of?


Course Features

  • Lectures 20
  • Quizzes 0
  • Duration 16 hours = 16 CPD points for Internal Auditors
  • Skill level All levels
  • Language English
  • Students 57
  • Certificate Yes
  • Assessments Self
