Loading Events

« All Events

  • This event has passed.

Info Sharing Session: The Protection of Personal Information Act (POPIA) is Here! What Now?

27 August, 2020
9:00 am - 10:00 am


27 August, 2020 @ 9:00 am - 10:00 am

BarnOwl Info Sharing session: 27 August 2020

Presented by Karus Prinsloo, Manager: Regulatory Compliance at Inlexso (Pty) Ltd (inlexso)

Thank you very much Karus for presenting at our info-sharing event on the 27th August 2020. Thank you also to all those who attended which was over 180 attendees.

Karus shared insights with us on:

• How to make sure your organisation is ready by 30th June 2021
• Lessons learned whilst assisting organisations from various sectors and industries
• Risks & opportunities


The commencement date of almost all of POPIA’s requirements, is 1 July 2020 with organisations having one (1) year to comply. A year is a very short timeframe in which to comply! Furthermore, the penalties for non-compliance are significant.

Some background:


  • Was signed into law in 2013 and has been phased into operation.
  • Purpose is to promote the protection of personal information of ‘data subjects’ (natural persons or legal entities).
  • Is based on the constitutional right to privacy and international best practice.
  • Contains definitions to take into account for how the Act works and some definitions are included below for ease of reference.

What is personal information



What is processing:



Who / what is a responsible party, data subject, operator and information officer?


The 8 conditions for processing personal information (PI)


Processing limitations – special conditions


Practical implications and consequences of non-compliance




POPIA is here – what now?

Assess the impact of POPIA’s requirements on your organisation. It will be necessary to change certain business processes, policies and documentation, as well as to align IT systems with POPIA’s requirements. Below are 10 focus points to consider whilst preparing for POPIA’s requirements with commencement date 1 July 2020 and which must be adhered to by 30 June 2021:

  1. Have a plan

A phased approach is important! Identify POPIA’s impact on your organisation, who is responsible for what and by when, to ensure compliance with POPIA.

  1. Two sides of a coin

Relook the organisation’s compliance with the Promotion of Access to Information Act (“PAIA”), while working on POPIA readiness.

  1. Compliance is everybody’s business

Who in the organisation should take the lead with regard to ensuring readiness? Allocate responsibility to a line function or individual who can co-ordinate the organisation’s POPIA readiness drive.

  1. Who is who

POPIA provides for roles of “data subject”, “responsible party” and “operator”. Identify these role players for all instances of processing of personal information.

  1. POPIA is about more than the 8 conditions for processing

Identify the circumstances when “special personal information”, as defined by POPIA, is processed. Ensure that such processing comply with the requirements relating to special personal information.

Address the requirements relating to direct marketing, trans-border information flows and automated processing of information.

  1. Keep it simple: policies and contracts

Prior to developing POPIA specific policies and contracts, ascertain what is currently in place. Obtain advice about the adequacy of POPIA provisions in policies and agreements, prior to developing a “POPIA policy”. It is quite often not required to amend existing contracts.

  1. Hardcopy documents… or just electronic?

Processing of personal information is not only about electronic processing. Remember to include the processing of personal information from physical documents in the scope of readiness assessments.

  1. De-identify to the extent that it cannot be re-identified again… and the other exclusions

Take the circumstances when POPIA is not applicable into account.

  1. The carrot and the stick

Intentionally identify and pursue opportunities which POPIA opens for your organisation. Opportunity could knock in terms of new products and services, or by positioning the organisation as a responsible corporate citizen.

  1. And then… other:

Establish under which circumstances consent should be obtained. Identify quick wins. Chances are that the organisation has an asset register for the physical assets it holds; consider developing an information asset register (with fields such as who uses information for what, and the like). These factors will be explored further in future articles.

Contact Karus.prinsloo@inlexso.co.za  for assistance with regard to your POPIA requirements.

Presentation and Video links:

Please see attached presentation here and video link here

You can find more information about inlexso at www.inlexso.co.za or contact Karus at Karus.prinsloo@inlexso.co.za

Useful and associated links:




IT Web: More POPI act sections come into force

IT Web: Data from Experian breach dumped on the Internet

IT Web: Lombard Insurance engages SA authorities after data breach

IT Web: Life Healthcare reveals damage caused by data breach

IT Web: Stefanutti Stocks shuts down IT systems after cyber attack

https://barnowl.co.za/knowledge-centre/ and https://barnowl.co.za/videos/

Thank you:

Once again thank you Karus for your time and for your informative presentation and thank you to all those who attended our info sharing session. We look forward to seeing you at our next info sharing session. Please keep a look out for our upcoming events at: https://barnowl.co.za/events/

Kind regards

Jonathan Crisp

Director – BarnOwl GRC and Audit software


About Karus Prinsloo: Manager of Regulatory Compliance – Inlexso (Pty) Ltd (inlexso)

Karus Prinsloo


Karus is passionate about providing practical compliance solutions. He has more than 10 years’ experience as consultant and in-house advisor in the legal and compliance environment, advising clients in industries such as logistics, mining, manufacturing, aviation, construction, financial services, banking, agriculture and property.

His experience includes approximately 5 years as advisor and trainer in respect of the Protection of Personal Information Act (POPIA). He has assisted clients with POPIA readiness in industries such as retail, manufacturing, construction, aviation and tertiary education. POPIA training experience includes presenting on POPIA since 2014 and since 2017 on behalf of Enterprises University of Pretoria (Pty) Ltd.

Before joining inlexso (named EOH Legal Services at that stage) in 2015, Karus was a director of iThemba Legal & Compliance (Pty) Ltd, specialising in legal compliance and commercial law.

Karus has practiced as attorney and served as in-house compliance advisor, compliance consultant, company secretary and corporate legal advisor. Karus was admitted as an attorney in 2003.

About BarnOwl:

BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by over 200 organisations in Africa, Australasia and the UK. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework.

Please see www.barnowl.co.za  for more information.

Subscribe to BarnOwl's Information Portal

Subscribe to BarnOwl’s information portal today and receive our monthly newsletter with the latest GRC and audit insights, industry updates, priority access to exclusive events, tip of the month and more straight to your inbox!


GRCReady is the official provider of risk management content for the BarnOwl GRC software solution. GRCReady provides extensive risk libraries and risk maturity checklists/surveys which are integrated with BarnOwl.

GRCReady, based in Australia, offers a comprehensive and holistic library of products and associated services including templates, policies, procedures, guidelines, checklists etc.t to help owners and directors of SMEs, startups and corporates to satisfy their corporate governance, risk management and regulatory compliance needs.

By integrating GRCReady's rich content libraries into BarnOwl's GRC software, we are able to offer our clients a state of the art, turnkey GRC solution.

GRCReady provides, arguably, the most comprehensive risk and governance maturity assessment framework with detailed steps and artefacts. BarnOwl's survey and action plan portal provides a simple and effective way to monitor and report on your current state of risk maturity and suggest and drive remedial action plans to take you to your desired state of risk and governance and maturity.

By integrating GRCReady's risk libraries with the BarnOwl GRC software, means that you don't have to start from scratch. In addition, ongoing updates and insights keep you informed and up-to-date on best practices.



Season Rhyrhm is BarnOwl's preferred partner in Botswana assisting with BarnOwl implementations, support services and client relationship management.

Season Rhythm is an established and distinguished player in the ICT sector in Botswana, specialising in a range of cutting-edge solutions. Season Rhythm leverages BarnOwl to provide tailored GRC&A services to businesses in Botswana facilitating:

  • Governance: Enabling organisations to establish and uphold effective governance structures, ensuring transparency and accountability in decision making processes.
  • Risk Management: Equipping businesses with tools to identify, assess and mitigate risks, safeguarding against potential threats and ensuring continuity in a business environment.
  • Compliance: Ensuring adherence to regulatory frameworks and industry standards, protecting businesses from non-compliance penalties and fostering trust among stakeholders.
  • Audit: Streamling the audit process with comprehensive tools for planning, execution and reporting, driving efficiency and accuracy in internal audit and compliance assessments.
  • www.sr.co.bw/ict


BarnOwl works closely with NSA in the field of GRC and assurance.

NSA is an education and risk & assurance advisory services provider, consisting of a team of professional consultants and facilitators who have been hand-picked on experience and expertise. NSA services include:

  • Strategic intervention: 30 expert consultants facilitating strategic planning, combined assurance, effective governance and risk management assignments.
  • Continuous professional development: CPD training for internal auditors, external auditors, accountants, risk managers, government officials, and psychologists.
  • Online learning: accredited training for the local government sector, including the Municipal Financial Management Program and Supply Chain Management.
  • Online skills development: skills in demand for 2030, including cybersecurity, Protection of Personal Information, Artificial Intelligence, Robotics and programming.

BarnOwl and NSA work closely with our clients to align and enable best practice GRC and assurance framework & methodologies within BarnOwl. NSA regularly presents online information sharing sessions together with BarOwl.



Nico Technologies is BarnOwl's preferred partner in Malawi assisting with BarnOwl implementations, support services and client relationship management.

Nico Technologies Limited is an established IT products and services provider in Malawi, specialising in managed IT services, IT infrastructure services, IT project management, digital solutions, digital transformation and IT advisory.

Nico Technologies uses BarnOwl extensively within their own organisation to automate and manage their own risk and compliance functions.



Morgan Solus is BarnOwl's preferred business continuity specialist consulting firm with its 'BCM toolkit' software. BarnOwl GRC together with the BCM toolkit, provides a comprehensive risk management and BCM software solution.

Morgan Solus is a specialist consultancy firm focusing on risk, resilience and continuity. Morgan Solus's core services are centred on resilience, crisis management, business continuity (BCM), IT services continuity and disaster recovery (DRP) and training.

The BCM toolkit ensures a consistent approach to implementing BCM and IT disaster recover and cuts down implementation timelines by 60% whilst driving up successful outcomes.

BarnOwl's extensive GRC and assurance functionally coupled with Morgan Solus's BCM toolkit provide the ultimate risk management and BCM software solution.



Arbutus Analytics is Barnowl's preferred data analytics software. BarnOwl GRC integrated with Arbutus Analytics, provides the ultimate in continuous risk monitoring.

Arbutus Analyzer is a powerful data access and analysis solution specifically developed for auditors, business analysts, and fraud investigators. Its robust performance and user-friendly features offer you the ability to access and analyse data quickly and simply.

BarnOwl GRC, integrated with the real-time metrics from Arbutus provides a strategic early warning system driving preventative and predictive capability facilitating effective business decision making business improvement.

www.arbutussoftware.com with local sub-sahara African distributor www.betasoftware.co.za


Barnowl works closely with Pax Resilience in the field of GRC and sustainability.

Pax Resilience offers solutions in risk, resilience and cyber security. Pax Resilience strive to create peace of mind by assisting you to build the resilience in your organisation so essential to survive and thrive in the volatile, uncertain, complex and ambiguous world we live in.

Pax Resilience regularly presents online information sharing sessions together with Barnowl.



Paige Law is the official provider of compliance content for the Barnowl GRC software solution. Paige Law provides an extensive Library of South African acts including provisions [CRMPs] and checklists which are integrated with Barnowl.

Paige Law specialises in compliance, Commercial Law, Legal process consultancy, managed legal services and POPIA/ GDPR.


Registered Address

75 Malibongwe Drive
Linden Ext
South Africa

Postal Address

PO BOX 3009


+27 (0) 11 540 9100


More Information: info@barnowl.co.za
Product Support: support@barnowl.co.za

Let Us Contact You
Let Us Contact You
I grant BarnOwl permission to contact me for marketing purposes*
*You will receive BarnOwl monthly newsletters & invitations to online events. You can unsubscribe at any time.


If you need assistance with your BarnOwl software, there are three channels available to you:



You will be emailed a ticket number from our issue tracking system and your request will be managed in
this ticket until it is completed.


You can view all your existing tickets or create new ones.


+27 (0) 11 540 9112
to speak to a support consultant

Let Support Contact You
Let Support Contact You