Effective staff training, Key to POPIA Compliance (Blog)
Why you should have an effective security training program in place by 1 July 2021
16 April, 2021 by
Theuns Smuts

Why Effective Staff Training is Key to POPIA Compliance

The South African Protection of Personal Information Act has been in full effect from the 1st of July 2020. Companies and organisations in South Africa have been given a 12-month grace period, after which compliance will be enforced with the full effect of the law. It is essential that organisations take this chance to ensure they have set up everything they need to comply with the law - including staff training by the end of June 2021.

The POPI Act requires all organisations to protect the personal information of their customers/clients. Failure to do so can result in serious penalties for the business, members of staff and management who neglected the enforcement of guidelines - including fines of up to 10 million Rand or jail sentences of up to 10 years.

What is POPIA?

POPIA is the Protection of Personal Information Act of South Africa,  first passed by the South African Parliament in 2013,  and came into force on the 1st of July 2020. From this date, businesses had a year’s grace period before they can be penalised for failing to comply with the regulation’s stringent data protection requirements. POPIA applies to every single organisation and business in South Africa that collects, handles, or stores personal information of customers or other individuals.

Why is security awareness training essential for POPIA compliance?

The POPI Act requires all organisations in South Africa to protect the personal information of customers/clients. If a cyber-criminal steals data from your business, and a judge rules that you didn’t have the right precautions in place to prevent it from happening, your business will be liable for the damages. This puts the responsibility for protecting data into the hands of businesses - and their employees. To protect organisations from liability, end users must know why they need to protect personal information, and how they can do it in practice.

How should you carry out POPIA training?

To ensure that your end users are onboard with doing their best to protect their organisation, you should keep training engaging, to-the-point, and full of actionable steps and goals for your end users to meet.

Effective POPI Act training will...

Make users aware of your organisation’s legal obligation to protect personal information

  • Warn users about the potential penalties of failing to protection personal information, from fines and jail time to loss of trust from customers

  • Educate users on all core security areas, from password hygiene and email security to the responsible use of removable devices

  • Make training short and continuous, to keep it engaging and remind users year-round of their responsibilities

Staying secure with effective POPIA training solutions

The sad reality is that cyber security is an afterthought to most members of staff. While almost everyone knows the importance of passwords, security is often put to the side when the work pressures and deadlines mount up. To prevent this from happening, you will need to build a security culture, where all end users know and respect the importance of security.

With regular, bite-sized, and engaging training, you can ensure that end users are reminded of their responsibilities on an on-going basis, as well as receiving advice on how to put security into practice in their day-to-day work life. This should form the core of a security-minded culture, where security is a part of daily work life - and not an afterthought.

Find out more about how we can help you with this aspect of POPIA compliance...



Value Proposition


Service Overview

Contact us

Share this post