of South African organizations have not defined their purpose for collecting and processing personally identifiable information (PII).
of South African organizations do not have processes in place to notify data subjects about PII collected.
of South African organizations expect to need one to three years to comply with the POPI Act.
The POPI Act aims to protect PII and provides guidelines for lawfully processing such information. POPI brings South Africa in line with existing data protection laws around the world, enforcing an individual’s right to privacy.
To avoid consequences that are expected to go into effect one year after administration of the law begins, organizations should already be embarking on the journey to compliance.
POPI applies to everyone in South Africa who processes the personal information of another. Once an information protection regulator has been appointed to administer the law, companies are expected to have only 12 months to comply.
Once the administration of POPI begins, companies that are non-compliant after the one-year anticipated grace period are subject to the following penalties or sanctions:
Imprisonment of offenders for between one and 10 years
Up to R 10 million in penalties and fines
Enforcement notice requiring the non-compliant organization to stop processing personal information
Civil action on behalf of an individual or group of individuals (including damages for financial and non-financial harm)
We recommend that you make preparations for POPI compliance a front-burner issue for your organization. As you seek expertise for your POPI assessments, consider how we can help.
A Trustwave POPI compliance assessment is tailored to meet your organization’s size, complexity and business requirements. Trustwave provides you with a comprehensive workshop to give all levels of your organization a thorough understanding of the POPI Act, the assessment process and where the assessment process should fit into the established security processes – as well as your organization’s ultimate business goals. We also provide your organization with a compliance assessment and assessment report to help manage the overall compliance process and achieve all of your objectives.
POPI Condition 7 states that responsible parties must adhere to generally accepted information security practices and procedures. Here are some Trustwave solutions that can help you address your organization’s gaps and help you meet the standards:
Every day, your staff handles sensitive data, including PII. Ensuring they understand the security risks relevant to their duties is imperative. Human actions can result in loss of intellectual property and exposure of customer data. These breaches could lead to lengthy investigations, costly fines and negative brand sentiment. Proper training and awareness can help ensure your employees don't transform from assets into liabilities.
Trustwave Security Awareness Education empowers your employees with the security know-how to help protect your business against growing security risks and compliance missteps.
The Trustwave POPI Compliance Assessment Service uses the POPI Act as the basis for requirements and testing procedures. The service involves various policies, procedures and practices that will be evaluated by Trustwave through documentation review, interviews, facilities inspection, controls assessment and examination of your current security architecture.
POPI Compliance Assessment Report
How to Comply with South Africa's POPI Act