Data subject rights – What to know (Copy)


Data subjects are afforded a variety of rights in terms of the Protection of Personal Information Act (POPIA) because at the end of the day, it is their own personal information that is being requested and used and they therefore, are afforded a level of control in respect of what is done to their own personal information and how it is handled.


Examples of data subject rights include the right to requests correction of their personal data, the right to complain about how their personal information is being used, the right to withdraw their consent, the right to erasure and the right to access their personal information. These rights in the circumstances may be subject to further exemptions and various qualifications and therefore, as a business that processes personal information it is imperative to understand how to address and respond to a data subject exercising one or more of his or her rights in relation to their personal information.

Skills session topic:

Managing data subject rights – What to know

Cost of session:

R2 300 per attendee (VAT excluded)

Learning Outcomes – What an attendee will learn at this session includes:
  • What are data subject rights?
  • Forms and procedures required in terms of POPIA and Promotion of Access to Information Act (PAIA)
  • How to handle a data subject access request (SAR) and the need for a clear internal SAR policy
  • What’s a PAIA Manual?
  • Guidance steps and practical scenarios to avoid mishandling of SARs including:
    • determining whether a valid request has been made
    • liaising with the requester to clarify the request
    • analysing whether particular manual (paper) records fall within the law
    • setting parameters for the search for information and collating the results
    • establishing whether the retrieved information is personal data
    • dealing with third party information
    • applying the relevant exemptions
    • presenting the response to the applicant including how to redact documents
    • managing dissatisfied recipients
    • how to deal with an investigation
    • staff awareness and training
Why attend the session?

Managing data subject rights is part and parcel of ensuring that your business addresses all aspects of its POPIA compliance. When it comes to managing SARS specifically, understanding how POPIA relates to PAIA is further important to ensure such requests are handled correctly.

Who should attend the session?
  • The information officer tasked with leading POPIA compliance in a business.
  • Internal compliance and legal teams
  • Staff members who are at the forefront of data subject access requests
Duration and location:
  • The session can either be held at our offices (Brooklyn, Pretoria) (we have capacity for a maximum of 1 – 10 persons) or online via video conferencing. The organisation to provide its preferred method of presentation.
  • The duration of the session is 2 hours, with a brief tea interval and allocated time for Q&As.

Once we have received the intended number of persons who will attend the session, together with each of their names, surnames and email addresses we shall provide 3 available dates for the session to be held.


Upon confirmation of session booking, our invoice shall be dispatched for payment to be made prior to the date of session.

Training session material:

We will provide all material in connection with the session to be presented.


The training is offered in English.

*Please take note that VDT’s training POPIA knowledge sessions are not accredited and/or affiliated with any higher education or skills development authority or institution. The skills development sessions are planned and presented internally and aim to provide applicable information regarding a particular topic presented and equip attendees with valuable skills which may assist them in further decision making.