POPIA 2017-11-15T19:14:59+00:00

WHAT IS “PERSONAL INFORMATION”?

“Personal information” refers to information relating to an identifiable individual or company, for example:

  • information relating to race, gender, sex, pregnancy, marital status, nationality, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth that enables one to identify the person or company.
  • information relating to education, medical, financial, criminal or employment history of the person
  • any identifying number, symbol, e-mail addresses, physical address, telephone numbers, location information, online identifier or other particular assignment to the person
  • the biometric information of the person
  • the personal opinions, views or preferences of the person OR views and opinions of another person about the person/company.
  • any correspondence sent by the person that is private or confidential
  • the name of the person if the name (or associated information) would reveal information about the person

It is not considered “personal information” if the information is already in the public domain.

PROTECTION OF PERSONAL INFORMATION ACT (POPIA)

 The purpose of the POPI Act is the following:

  • To ensure that personal information is only used for the purpose it was originally intended.
  • To ensure that the information is protected and safeguarded.
  • To regulate how the information is processed and provide minimum requirements in line with international standards.
  • To provide persons with the rights and remedial actions when personal information is not managed in accordance with the Act.
  • To establish an information regulator who will provide the necessary guidelines and enforcement to ensure responsible handling of personal information.

THE POPIA CONDITIONS FOR PROCESSING OF PERSONAL INFORMATION

The POPI Act lists 8 conditions that must be adhered to by any person or organisation that collects and/or processes personal information. These are:

  • Accountability
  • Processing limitation
  • Purpose specification
  • Further processing limitation
  • Information quality
  • Openness
  • Security safeguards
  • Data subject participation

Metatrans POPI Consulting Services:

Our practical approach to POPI implementation will save you time and money.  Our clients are thrilled with their level of confidence, and have the flexibility to ‘Go it Alone’ at various points in the process.

POPI Gap Analysis

There are three ways to tackle your Gap Analysis. It is up to you whether to use us for one, two or all three of these:

1. Complete the free online self-assessment.

You complete it in about half an hour, in your own time, from your own device.  You will find that by doing the questions, you already get an idea of your gap.

We will send you your compliance score based on your self-assessment, which will help you make decisions on your next steps.

2. Facilitated Analysis session.

Our experienced facilitators will facilitate a session with your management and/or project team, and help you define your high-level gap. Depending on the size and complexity of your organisation, this session could be anything from a half day to three days, and will go a long way towards defining your project scope. The output from this session is a high-level gap assessment.

3. Outsourced Gap Analysis.

Allow our Privacy expert analysts to fast-track your Gap Analysis using our pre-defined toolkits. The Analysts will work closely with your nominated business champions to ensure a detailed Gap Assessment, which can be used to plan the remainder of your implementation.

POPI Planning

POPI Scoping and Planning:

This can be done before or after the Gap Assessment, depending on your needs.  If done after a detailed Gap Assessment, our programme managers will apply their practical, in-market experience to scope and plan out your POPI implementation with you.

A detailed scope document and project plan will be created in co-operation with your business champions.  The implementation plan will be built using our toolkits and templates, and adopt your project methodology, or if needed, we could advise on what would work best for your environment.

Depending on your circumstances, you could opt to use the scope and project plan we provide to kick off your POPI compliance implementation, or you could opt to make use of our implementation team to drive, monitor or supplement your existing team.

POPI Implementation:

Once the foundation has been laid, and we have a firm understanding of the scope and stakeholders, the business of complying with the POPI Act can commence. Our team has deep, detailed and current experience with POPI implementation. Our skill-sets cover Privacy experts, Legal, Risk and Compliance Officers, Business Analysts, Architects, Project Managers, Change Managers and Programme Managers. See below for a listing of the services we offer related to the implementation of POPI.

Project Management.

Our project managers are well-seasoned in POPI implementation. They come with not only practical experience, but also toolkits and templates which smooth implementation timelines and reduce headaches.

Policies & Standards.

Over the last couple of years, our team has gained a solid understanding of the policies and standards which need to be updated or created as part of the POPI compliance implementation. Our toolkits have been expanded to include templates which could be adapted.

Third Parties.

We have the necessary skills to guide you through, or perform, a third-party assessment on your behalf, assessing your risk exposure, your contracts, agreements and clauses, and ensuring that all have the essential POPI clauses included.

Incident Management.

Your Incident Management process is one of the most important parts of your POPI compliance implementation.  It is essential to have a robust and effective process, which is embedded throughout the organisation.  Every staff member must understand the process, and the part he or she plays therein.  Our process engineers can assist with the creation of a custom-built process for your organisation.

Appointment of Information Officer.

We have assisted various organisations to clarify the roles and responsibilities of the Information Officer and Deputy Information Officer. Our Program Managers will assist you to appoint the right person to the role, and coach them through the first couple of incidents (prior to go-live).

POPI Training & Awareness

Probably the most important aspect of your POPI implementation is the Awareness and Training of your entire organisation. It is essential that POPI (or rather Privacy) becomes a state of mind for every individual. There are various ways of achieving this, and one needs to look at each organisation and its circumstances to ensure the training is sufficient, effective and efficient. The services we offer are:

1. Executive Awareness Sessions

We jam-pack these Executive sessions with a quick, high-level overview of POPI, the impact it has on your organisation, and the roles & responsibilities of the Information Officer.

Duration:  Between one and two hours, depending on the level of the organisation.  We recommend the executive team completes the self-assessment prior to the awareness session to ensure alignment.

Outcome: An Executive team who is able to make informed decisions on the way forward for POPI compliance.

Cost:  Within the Johannesburg area, we do not charge for the Executive Awareness sessions. Outside Johannesburg, we will negotiate travel costs.

2. High Level Management POPI Training session

This is intended for your senior and middle management team and takes them through the Act, the interpretation of the Act and a facilitated discussion around the impact of the Act on your organisation.

Duration:  Around half a day, depending on the level of the organisation.  We recommend the executive team awareness session has been held to ensure alignment between executive and middle management.

Outcome: A management team who is clear on the impact POPI will have on your organisation, and they are able to start assigning role-players, ownership and identify a project team.

Cost:  We charge a fixed fee regardless of the number of attendees (maximum 12).  Please contact us for a formal quote.

3. Full Day Implementation Preparation session

We spend the full day with your execution team to work through the specific activities needed to implement POPI in your organisation. This is usually attended by the Privacy Officer, Operations and IT management, Project and Programme managers, and the POPI dedicated analysts.

Duration:  Up to two full days, depending on the level of the organisation.  We recommend that both the executive team awareness session and the management briefing have been held to ensure alignment between management and the execution team.

Outcome: An implementation team who has a high-level plan, activities and assigned responsibilities for the implementation of POPI compliance.  As an additional service, our facilitator can prepare a detailed document after the workshop, giving the team a clear plan for implementation.

Cost:  We charge a fixed fee regardless of the number of attendees (maximum 12).  Please contact us for a formal quote.

4. Change and awareness programmes

This is a perfectly timed, well executed awareness campaign to change staff behavior in the organisation.  This programme covers awareness training to all staff, a communication plan, specific technical training to nominated people, and coaching and mentoring of in-house training/internal marketing departments.

Duration:  The duration of this Change programme is dependent on the implementation plan, and the readiness of the organisation.

Outcome:  The purpose of this intervention is to ensure that all staff adopt a Privacy mindset, and that the organisation develops a Privacy-by-Design approach to all projects and initiatives.

Cost:  Costing varies greatly, depending on your requirement.  We strongly suggest that we prepare a quote for you after the project planning session has been held.

POPIA BLOGS:

  • Metatrans GDPR
  • POPI Breach
  • POPI regulations update
  • POPI Training & Implementation
  • Popi the wrong approach
  • POPI Rights and Responsibilities
  • POPI why should I care
  • Metatrans Copy of POPI Act