Agenda

Tuesday, 21 November 2017

Arrival and registration
Welcome and scene setting

Chair: Russell Opland, independent consultant

Making POPI more practical – what does it mean, how and when does it apply

Dr Danie Strachan, partner, Adams & Adams

  • Application of the Act – is POPI in force? When does POPI apply? (including exclusions)
  • What is personal information?
  • Responsible party, operator, data subject
  • Lawful processing – cover, in detail, when to use each ground and give practical examples (including consent, justification and objection)
  • Retention, deletion and destruction – database management, when you can keep info, when you should get rid of info
  • Data subject rights – notification and data subject requests for access, rectification and deletion
  • Further processing – what does it mean and when should it be used?

Find out more about the biggest data protection challenges and how to overcome them

John Giles, managing attorney, Michalsons Attorneys

  • What is stopping you from complying or standing in your way?
  • How do you overcome these challenges?
  • How to comply without crippling the organisation?
  • How to reduce the cost of compliance?

Tea Break & Visit the Xperien Truck

Experiencing the Xperien Mobile Hard drive shredder Truck live

The truck provides on-site degaussing and destruction that is not only safe and secure, but also fully POPI compliant. It offers mobile data destruction services that include the physical shredding of 300 hard drives, 500 data tapes, USB sticks and up to 400 mobile phones every hour. The mobile facility also offers digital shredding of hard drives, solid state drives and data tapes, as well as degaussing of HDDs and tapes. The main advantage this truck brings to data security is that it eliminates the need to provide a "chain of custody" for the client data, because the truck comes to the client's premises. Hard drives are made of aluminium, steel and other metal alloys and take a great deal to shred into tiny pieces, something that would normally happen in an industrial factory.

  • Delegates will get to see the truck degaussing and destroying live at the conference. This is the only truck of its kind in SA with this technology.

Everything you need to know about the EU General Data Protection Regulation (GDPR) v POPIA

Nerushka Bowan, emerging technology law specialist and LegalTech innovator

The GDPR is the most important change in data privacy regulation in 20 years. It becomes enforceable on 25 May 2018 after a two-year transition period and replaces the EU Data Protection Directive. The GDPR was designed to harmonise privacy laws across Europe. The biggest change comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects residing in the EU, regardless of the company's location. Organisations in non-compliance will face heavy fines of up to 4% of global turnover or EUR20 million, whichever is greater.

  • This talk will give a high-level overview of the GDPR, while emphasising similarities and differences with POPIA.

Gain insight into how you can comply with POPI at the time of disposal and reduce cost of ownership at the same time

Bridgette Vermaak, Head of IT asset disposal, Xperien

Vermaak will show how she helped re-engineer the processes at a South African retail bank (case study).

  • This started with the development of the ITAD policy to clearly establish the scope of the project.
  • Detailed planning to facilitate communication between the numerous teams involved, from decommissioning to certification.
  • Optimising resources by providing process security sensitive options to total data destruction.
  • Reverse logistics was made simple through this approach, ensuring zero storage and mitigation of risk during the chain of custody, executing national collections with options for low-risk items.

Lunch & Visit the Xperien Truck

Achieving POPI and GDPR compliance with an encrypt everything strategy

Maeson Maherry, solutions director, LAWTrust

Where do you start? A detailed look at the POPI implementation

Christelle Bure, director and co-founder, Metatrans Business Services

Becoming POPIA compliant is a culture change, a mindset change, an opportunity to be leveraged. It is more than a tick-box exercise.
It is a slow and steady journey that an organisation has to commit to. And interestingly, once it is done right, companies realise the massive, positive impact this has on relationships with their clients, staff and suppliers. In fact, the decision to become respectful of the privacy of the personal information of others is very liberating and creates a giant leap towards building trusting and lasting relationships. Approaching POPIA in this way not only helps companies become compliant, it may well give them a strong competitive edge and opportunity.
So, how do you sift through all the information available online and decide what your first or next steps are? Hopefully, this will shine a guiding light on your journey. The first thing you have to acknowledge is that if you are in business, you need to be POPIA compliant. The size of your company, the complexity of your data, your staff, your suppliers, etc, will all impact the effort you will need to put into compliance.

  • Overview of the POPI Act
  • Understanding what the Act is trying to achieve
  • An understanding of what you need to do to be compliant
  • Approach to implementation of POPIA in your organisation

Tea Break & Visit the Xperien Truck

Data protection in Africa

Samantha Buchler, manager: Governance, Risk & Regulatory: Risk Advisory Africa, Deloitte

With the advancement of technological innovation and cross-border trade, compliance with international personal data protection legislation and standards has become imperative.
Business in Africa is expanding at a rapid pace due to a proliferation of investment opportunities on the continent. To effectively conduct business in Africa, organisations need to understand the African personal data protection regulatory landscape. Non-compliance with personal data protection legislation in Africa may potentially preclude multinational organisations from capitalising on their African exploits, by restricting their ability to transfer personal data to third parties beyond African borders, thus hindering business operations.

  • Samantha will look at the Africa personal data regulatory landscape and the importance of compliance with personal data protection legislation for business growth and international trade.

The Information Regulator, more about the process of implementing the information regulator, the schedule and the challenges

Alison Tilley, attorney and head of advocacy, Open Democracy Advice Centre

The Information Regulator is a key part of POPI compliance and will also be central to PAIA implementation. The five members of the Regulator have been appointed, and the Regulator has been given the go-ahead to establish the office. The strategic plan of the Regulator, however, shows a number of flaws, which may well result in the office being delayed in beginning work. In addition, there are problems with the DPSA and Treasury.

  • The Regulator is behind schedule on its set up;
  • There are problems with its plan going forward;
  • There is push back on the Regulator coming into operation;
  • There are steps that can be taken to mitigate these problems.

Close of day