Governance, Risk, Compliance (GRC) Digital brings you a digital platform that automates resource-intensive legal administration.

QLAW, a Cape Town-based legal firm, partnered with Digital Unbounded, an information technology company, to fast-track digital transformation in their legal offerings. Our POPIA compliance pack is branded for your organisation and includes policies, templates and an implementation guideline. We have also partnered with a company that could assist your organisation with operationalising the POPIA pack.

For more info, please contact us on:
Tel: 021 762 5701 or 011 040 1759


Applicable Penalties

  • ✔ Failure to comply with POPIA could result in an administrative fine of up to R10 million
  • ✔ Failure to comply with POPIA could result in a 10-year prison sentence
  • ✔ Non-compliance could negatively impact your business reputation
  • ✔ Non-compliance would most definitely impact client trust negatively
  • ✔ Bad reputation and lack of trust will strain business growth

What is POPIA

  • ✔ promote the protection of personal information processed by public and private bodies
  • ✔ introduce certain conditions so as to establish minimum requirements for the processing of personal information
  • ✔ provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000
  • ✔ provide for the issuing of codes of conduct
  • ✔ provide for the rights of persons regarding unsolicited electronic communications and automated decision making
  • ✔ regulate the flow of personal information across the borders of the Republic

Let us HELP

We provide the guidelines and policies required to be in place for POPIA compliance and operationalisation thereof:

  • ✔ Compliance Risk Management Plan (CRMP)
  • ✔ POPIA Manual
  • ✔ Protection of Personal Information and Privacy Policy
  • ✔ Promotion of Access to Information Policy & Delegated Authority Letter
  • ✔ Information Technology, Social Media, and Electronic Communications Policy
  • ✔ IT Risk Assessment
  • ✔ Promotion of Access to Information Policy
  • ✔ Document Retention and Records Management Policy
  • ✔ Document Retention Schedule
  • ✔ Classification of Personal Information Data Schedule
  • ✔ Complaints Resolution Policy and Procedure
  • ✔ Informed Consent Policy for Customers
  • ✔ Access Control Policy
  • ✔ Privacy Policy and Consent Declaration for Employees
  • ✔ Addendum of Service Agreement for Employees
  • ✔ Contract for Operators who Process Personal Information

POPIA Compliance

✔ 8 CORE principles for the implementation and operation of POPIA.

✔ Consent
Personal information must be collected directly from, and with the consent of, the data subject, unless this is reasonably impractical or to fulfil a legal obligation. This is dealt with further below.

✔ Informed
Data subjects must be informed of the purpose of any such collection and of the intended recipients of the information, at the time of collection.

✔ Necessary
Further processing of personal information must be compatible with the initial purpose of collection.

✔ Limited Retention
Information must not be kept for longer than is necessary for achieving the purpose for which it was collected.

✔ Not Distributed
Information must not be distributed in a way incompatible with the original purpose for which it was collected.

✔ Updated
Reasonable steps must be taken to ensure that the information processed is accurate, up to date and complete.

✔ Safeguarded
Appropriate technical and organisational measures must be taken to safeguard the data subject against the risk of loss, damage, destruction of or unauthorised access to personal information.

✔ Access
Data subjects are allowed a right of access to their personal information and a right to demand correction if such information should turn out to be inaccurate.