Breached! Stumped on what to do now?


Data breaches continue to signal the end of a number of businesses. Having a clear plan, incident report mechanism, and a team in place and testing the plan from time to time can mean the difference between your business surviving a breach or simply mitigating the extent of the damages from a financial and reputational point of view. It is therefore important to understand what exactly constitutes a breach and what POPIA expect to happen if such an event occurs within your business.


Skills session topic:

Breached! Stumped on what to do now.

Cost of session:

R2 300 per attendee (VAT excluded)

Learning Outcomes – What an attendee will learn at this session includes:
  • What is a personal data breach and practical examples
  • What does POPIA require in the event of a data breach
  • When is notification to the Regulator required
  • How do we notify the Regulator?
  • What information must be included in a breach notification?
  • What is the time frame for a notification?
  • What if the required information is not readily available?
  • Do we need to inform data subjects about a data breach and what information are we required to provide them with?
  • Who is responsible for managing data breaches?
  • What is the role of the operator in the case of a data breach?
  • What happens if we do not report the breach?
  • Building a data breach management policy and guidance steps to consider.
Why attend the session?

It is clear that the continued growth in flexible working practices, including remote and mobile working, is making protecting sensitive data an increasing challenge that organisations must address. Data loss and theft has the potential to affect all of us – from private individuals to small businesses and multinational corporations. While awareness of the threat posed by a data breach is increasing, there is still a lack of understanding of the many ways in which such a breach can occur and, most importantly, little awareness of the often simple steps that can be taken to prevent personal and business data loss.

Whilst the vast majority of businesses have taken some action to protect themselves through the installation of security software and hardware such measures, while important, only address part of the data security threat. Implementing suitable policies, testing these policies and making your compliance team, IT team and personnel aware of how to recognise and deal with a breach in the circumstances, and based on their respective roles, can go a long way to saving you time and money.

Who should attend the session?
  • The information officer tasked with leading POPIA compliance in a business and also being the first point of contact with the Regulator when it comes to the business’ compliance with POPIA and answering for data breach incidences.
  • Internal compliance and legal teams and IT teams who may work together with the information officer to build a data breach management framework
  • General division heads and staff – human error has the potential to trigger or aggravate a breach event. Ensuring your staff know what a data breach may potentially look like and creating internal awareness is important as systems and tools are only part of ensuring breach events are avoided and if they do occur, are handled professionally and lawfully.
Duration and location:
  • The session can either be held at our offices (Brooklyn, Pretoria) (we have capacity for a maximum of 1 – 10 persons) or online via video conferencing. The organisation to provide its preferred method of presentation.
  • The duration of the session is 2 hours, with a brief tea interval and allocated time for Q&As.

Once we have received the intended number of persons who will attend the session, together with each of their names, surnames and email addresses we shall provide 3 available dates for the session to be held.


Upon confirmation of session booking, our invoice shall be dispatched for payment to be made prior to the date of session.

Training session material:

We will provide all material in connection with the session to be presented.


The training is offered in English.

*Please take note that VDT’s training POPIA knowledge sessions are not accredited and/or affiliated with any higher education or skills development authority or institution. The skills development sessions are planned and presented internally and aim to provide applicable information regarding a particular topic presented and equip attendees with valuable skills which may assist them in further decision making.