POPI Act & GDPR Compliance


Naveg will assist your organisation to comply with the Protection of Personal Information, POPI Act, EU GDPR, and other privacy requirements. We adopt a holistic and systematic approach to privacy compliance. Our approach to the challenges of POPIA and GDPR implementation is that our solution is aligned with other Management Systems within the organisation. Management System is a collection of Policies, Procedures, People, Processes and Application or Technology systems applied to enterprise business operations.

People, Process, Technology & Intelligence

The Protection of Personal Information Act of 2013, commonly referred to as POPI, requires both private and public organisations to comply with. The purpose of this Act is to ensure [U1] that all organisations conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information by holding them accountable should they abuse or compromise the third party’s personal information in any way.

POPI has eight (8) principles organisation must comply with, namely

  1. Accountability
  2. Processing limitation
  3. Purpose specification
  4. Further process limitation
  5. Information quality
  6. Openness
  7. Security safeguards
  8. Data subject participation.

For an organisation to become POPI compliant it will not be a once-off project; but will require continuous activity and ongoing commitment. Naveg has developed a framework align to local & international best practices to assist organisations to become compliant, avoid financial (fines), legal, business, reputation risk, and protect critical and sensitive information infrastructure.

We can assist with:

  • POPIA Gap Analysis
  • POPIA Maturity Assessments
  • POPIA Impact Assessments
  • PAIA Manual
  • Develop & Implement Privacy & Compliance Program
  • Assess, Monitor & Improve Compliance Program
  • Data Security
  • Data Breach Incident Management
  • POPIA Training & Awareness

GDPR Compliance

The General Data Protection Regulation (EU) 2016/679 (“GDPR") is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Failure to comply with GDPR will result in fines of up to 4% of annual turnover or €20 million – whichever is highest.

Naveg offers a complete program of support to help you prepare for GDPR and to ensure continuing compliance following implementation.

Our GDPR services provide a complete approach to compliance, ensuring smooth adoption and minimizing the risk of any future breach.

Services are broad in scope and cover everything from the initial impact assessment through to guidance in the appointment of a Data Protection Officer.

Our GDPR services are complemented by an extensive portfolio of associated cyber-security solutions, designed to maximize protection of all client data assets.

Contact us for more information and how we can assist your organisation

Avoid non-compliance & penalties!

Send a Message