Skip to content Skip to footer

Loading Results

Data protection and privacy

The commencement date of the Protection of Personal Information Act 40 of 2013 (POPIA) has finally been announced. POPIA aims to give effect to the constitutional right to privacy, which is set out by the Constitution of South Africa, by introducing measures that will ensure that personal information is processed by organisations in a fair, transparent and secure manner.

Organisations have 12 months from, 1 July 2020, to become compliant. In our experience, this won’t be enough time for most large and complex organisations to become compliant.

Implementing the requirements of POPIA can be a daunting task for organisations, especially if you are starting late with your programme.

Through working with many organisations over the last number of years, we have developed a number of good practices that have successfully helped organisations accelerate the implementation of POPIA.

PwC’s multidisciplinary team of privacy, legal, data, advisory and cyber security specialists can assist you on your journey to privacy compliance. 



Subscribe to receive Privacy related content

Woman reading about the new Popia act on her computer

Issues you may be facing

  • Not knowing where to start with implementing POPIA in your organisation.
  • Not having the full understanding of the impact POPIA has for your organisation.
  • Prioritising your implementation activities to comply with POPIA within the 12 months grace period.
  • Not having a view of what data you process and why.
  • Not having an idea where your data is stored and if it's secured. 
  • Not having a view of who data is shared with and why.
  • Not understanding how to maximise the value of your data in a legally compliant way.
  • Not having a view of whether your organisation is affected by other privacy laws in countries you operate out of.


How we can add value

We have advised and assisted many organisations, from small enterprises to large corporates, in their POPIA compliance journeys. Based on our experience in providing privacy advisory, legal and cyber security services to our clients we have defined a holistic framework for the management of privacy risk that is designed to enable organisations to leverage good practices that can be tailored to address each organisation’s unique privacy vision and risk exposure.

Assess - Risk analysis and data discovery

Risk analysis and data gathering activities to gain an understanding of your POPIA risk and data footprint (including privacy impact assessments, data inventories and data flow mapping).

Assess - Gap assessment and remediation roadmap

Identification of gaps in your privacy capabilities and prioritisation of remediation activities.

Design, build and implement - POPIA programme implementation

Implementation of POPIA programme components to remediate known compliance gaps and establish privacy management practices based on your organisation’s unique environment.

Design, build and implement - POPIA programme readiness

Performing a readiness review of your POPIA programme to provide you with insights on your readiness. Facilitation of data breach simulations to test your POPIA readiness through a simulated data breach scenario.

Maintain - Ongoing programme operation and monitoring

Establishing ongoing compliance mechanisms to promote continued accountability for privacy management (including compliance risk management plans, training and awareness).

Privacy Training

Training is an important aspect in your POPIA compliance journey. The likelihood of complying with the requirements of POPIA is very slim if the individuals in your organisation do not understand the legislation and the role they need to fulfil to ensure that the purpose of POPIA is carried out appropriately.

PwC provides training at two levels, for executives (owners and directors of an organisation) and for employees (including management). Training covers aspects such as the purpose of the POPIA, insight into the key sections covered by POPIA and training specific to the organisation’s POPIA policy standards.

Follow us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Yvette du Toit

Yvette du Toit

Director, PwC South Africa

Tel: +27 (0) 11 797 4390

Charles Fischer

Charles Fischer

Director, PwC South Africa

Tel: +27 (0) 21 529 2018

Aneesa Firfiray

Aneesa Firfiray

Senior Manager, PwC South Africa

Tel: +27 (0) 21 529 2427