Handling Personal Information Safely: POPIA & PAIA in Practice

This workshop is ideal for employees and managers who regularly handle personal information as part of their role and need a practical understanding of POPIA and PAIA. It is particularly suited to staff in HR, finance, administration, operations, licensing, customer-facing, and support roles, as well as line managers and supervisors responsible for overseeing data handling practices. The course is designed for non-legal and non-IT professionals who require clear, actionable guidance to manage personal information safely, lawfully, and confidently in their day-to-day work.

None.

1. Introduction & Context

• Why POPIA and PAIA matter in everyday work

• The shift from “compliance” to responsible data handling

• Employee accountability in a data-driven organisation

2. Understanding Personal Information under POPIA

• What constitutes personal information (PI)

• Categories and characteristics of PI

• Special personal information

• Personal information relating to children

• Practical workplace examples and common misconceptions

3. Roles and Responsibilities in Data Processing

• Key POPIA role players explained simply

• Employee responsibilities vs organisational accountability

• Shared responsibility across teams and functions

• Why “someone else’s job” is a compliance risk

4. The Personal Information Processing Lifecycle

• Collection, storage, use, sharing, retention, and disposal

• Purpose-driven data handling

• Risks of over-collection and over-retention

• Applying the lifecycle to real workplace scenarios

5. The Eight Conditions for Lawful Processing (Practical Focus)

• Overview of the eight conditions

• Applying key conditions in daily work:

  • Accountability

  • Purpose limitation

  • Minimality

  • Security safeguards

  • Openness

• Practical decision-making guidelines for staff

6. High-Risk Processing Activities

• Understanding prior authorisation: what it is and when it applies

• Trans-border data transfers and international data sharing

• Automated decision-making and AI-enabled processing

• Recognising when to pause and escalate

7. Data Protection Threats, Breaches & Enforcement

• Common data protection threats and human error risks

• What constitutes a data breach or incident

• Reporting obligations and escalation procedures

• Enforcement, penalties, and organisational consequences

8. Access to Information: PAIA in Practice

• Overview of PAIA and the right of access to information

• Handling access requests responsibly

• Balancing transparency with privacy obligations

• When information must be disclosed and when it must be protected

9. Practical Compliance Behaviours

• Secure handling of personal information

• Using approved systems and processes

• Following policies, procedures, and access controls

• The role of employees in building a compliant culture

10. Emerging Technologies and AI

• How AI and automation affect POPIA and PAIA compliance

• Risks of automated decision-making and data reuse

• Human oversight and accountability

• Responsible use of AI tools in the workplace

11. Wrap-Up & Key Takeaways

• What to do differently after the workshop

• Recognising risk and knowing when to escalate

• Personal responsibility in protecting information

• Questions and next steps