Description of the Obligations of responsible Parties Course


The Protection of Personal Information Act has been finalised. Heads of public bodies, CEO’s of private bodies and the business leaders identified as “responsible parties” who control the purpose and means for processing information are required to ensure compliance with the conditions of lawfully processing personal information set out in the Act.

Business leaders and information officers who fail to fulfil their obligations defined in this Act may be charged with a criminal offence and face civil claims for damages.

It is the responsibility of the “Responsible Parties” identified by the CEO and listed in the PAIA to ensure that personal information is processed lawfully and in a reasonable manner that does not infringe the constitutional rights of individuals to privacy. Processing of personal information must comply with the obligations imposed by law and this processing must be necessary for legitimate interests of the body.


Participants will obtain a general understanding of the legal obligations placed on “Responsible Parties”. On completion of this seminar, participants will be able to:

  • Articulate the requirements of the Protection of Personal Information Act
  • Demonstrate an understanding of the conditions for the lawful processing of personal information
  • Describe the role, responsibilities and legal obligations of the responsible parties
  • Describe the roles and the responsibilities of the other parties concerned about the processing of personal information
  • Communicate the design of a suitable compliance framework
  • Identify the effort required to meet the requirements of the Protection of Personal Information Act and the conditions for lawful processing personal information contained therein.


Participants will learn through discussion and practical examples how to prepare for and address the obligations placed on responsible parties by the Protection of Personal Information Act.

This seminar includes topics about:

  • Recording details about Responsible Parties in the PAIA Manual
  • The duties of the Responsible Party
  • Implications of the Companies Act 2008
  • Controlling the activities of Operators
  • How to differentiate between personal and other data
  • The preparations required prior to updating the PAIA information manual about the processing of personal information
  • Mitigating risks
  • Documentation to be prepared prior to the processing of personal information
  • Processing details to be maintained in the PAIA manual
  • Designing a compliance framework
  • Communicating with data subjects
  • Implications of the conditions for lawful processing of personal information for business activities
  • Working with the Information Regulator
  • Working with the Information Officer
  • The role of Risk Management and Compliance
  • Trans-border exchanges of personal data
  • Consequences of failing to comply
  • Challenges – collection, profiling, cross-marketing, unstructured data, third party processing, secondary use
  • Case studies from industry – local and international
  • An Action Plan to fulfil the obligations of Responsible Parties.

King IV Corporate Governance Assessment

King IV assessmentAssess the current level of your organisation's corporate governance using this King IV assessment tool.


COBIT Assessment as a Service

COBIT 5 AssessmentConduct a COBIT assessment using this COBIT Assessment-as-a-Service.


POPIA Preliminary Assessments

it governance oversightPOPIA preliminary assessments provide an efficient and effective approach to determining the extent to which the requirements of the Protection of Personal Information Act have been addressed.


Go to top