POPIA data privacy governance structures

The Protection of Personal Information Act (“POPIA”) is relatively silent on the topic of data privacy governance structures and operating models. This state of affairs, on one hand makes it difficult for companies to know definitively, how to create systems that comply with POPIA and on the other hand, gives organisations an opportunity to tailor their privacy governance framework to their needs.

A data privacy governance structure varies from business to business depending on the type of information being processed, the sensitivity and the volume of information. Furthermore, what is required for an international organisation with various branches locally and abroad will vary to that of a small business based locally.