Training and awareness interventions on prevailing data protection legislation are crucial building blocks to ensure a compliant POPIA structure for the responsible party (company).

For the sake of archaic proverbs – knowledge is power – but we cannot stress this enough: every single staff member that has a finger in the information processing pie, should be included in training and awareness initiatives.

As discussed in our first article, one of the primary responsibilities for the Information Officer (Deputy Information Officer), is to spearhead technical learning internally regarding the provisions of the Act, the regulations in terms of the Act, codes of conduct, and other information obtained from the Regulator.

Create Awareness, Educate, Solve

So, where does one start….a simple google search generates hundreds of results where consulting companies offer training solutions covering the ins and outs of POPIA and POPI.

At eStudy, we aim to provide a simple, yet comprehensive approach to:

  • INFORM you about the provisions of POPIA effected on 1 July 2020, that should be included as technical knowledge items in your training strategy
  • HELP you and your employees to apply this knowledge as to comprehend the practical implications on their daily operations and business conduct
  • SIMPLIFY training delivery channels by advising on the most appropriate modus operandi for training and awareness sessions (eLearning, microlearning, mobile training, face to face, webinars)
  • HELP you identify ongoing steps in your road to training compliance regarding regulatory updates and amendments that employees of the responsible party would need to be aware of
  • SHOW you by means of training outlines and examples exactly what you need in order to execute a sustainable, but fluid training strategy

Targeted Training – The Who

No, we are not referring to the rock band here 😊. Are you aware of your training target market? Who should be ‘’in the know”?

  • Employees responsible for directly processing personal information as part of their daily operations require specific training – think of client services consultants in the financial or insurance industry. Or even customer executives working in the cellular or telecoms sectors.
  • Sales managers and business developers need to know about the marketing legalities of the POPI Act, with a focus on direct marketing and soliciting activities
  • Call centre and helpdesk agents need to be aware of proper data processing conduct when dealing with customer inquiries and complaints.
  • IT managers, Risk Managers, Information Security Specialists, and Information Management Staff have to be kept up to date regarding the POPIA implications about Information Security
  • Human Resources managers need to know about protecting the personal information and privacy of employees.
  • Any financial/accounting/internal audit orientated staff member must be made aware of data privacy compliance when processing sensitive client information such as ID Numbers, Bank Account Details, and physical locations
  • Business Analysts, Data/Information Stewards and Owners, and Data Administrators tasked with database management, maintenance, and design should be aware of the POPIA nitty-gritties from a back-end perspective

Technical, but Practical

Although it is vital that the POPI Act awareness training is appropriate and targeted to the audience, practicality and executability are the cornerstones for value-adding training outcomes.

At eStudy, we would endeavour to help you achieve the technical training outcomes. Still, even more so, the application, implementation, and execution thereof, customised to your specific needs and requirements with maximum time efficiency.

Key Training Strategy Takeaways – Ask yourself?

  • Who needs to be trained (your target audience)?
  • What are the outcomes you want to achieve with the training (what should they know)?
  • Which format or delivery channel would be most appropriate (Live Online, In-Person, Pre-Recorded)?

A Trajectory of Topics – The What

As no responsible party (company) is the same, the number of topics and the intensity of training regarding those topics may vary significantly.

In the table below, we have listed potential learning and development topics regarding POPIA and PAIA to provide foundational structure and context, as to assist you in compiling a training strategy outline.

Call the Training Titans

eStudy boasts a content library of training manuals with flexible material and delivery options to present knowledge in various ways, such as videos, face-to-face workshops, webinars, self-study questionnaires, and group exercises.

  • Our focus is on raising not only awareness, but also gain buy-in from all affected employees as to their privacy responsibilities and the importance of reducing the risk of privacy breaches via their proper data processing conduct
  • We aim to educate employees on company IT protocols and privacy measures that need to be adhered to (for example, an Acceptable use of IT Policy)
  • We specialise in immersing information handling practices within day-to-day operational activities, for example, posters, emails, WhatsApps containing infographics or mini-guides coupled with what if (aka role-based) training sessions replicating real-life examples of data processing scenarios

Our contextualised approach may enable responsible parties to prove to clients and the information regulator that protecting personal information is a company priority.

Why not give us a call and delegate your compliance training headaches to our professional consultants.

Recommended Posts