Service · Layer 05

Privacy & Compliance

We make privacy compliance real rather than theoretical: POPIA readiness, data mapping, impact assessments and privacy rights management — automated on the OneTrust platform, of which we are a partner.

Who this is for

Executives who have been told — by auditors, clients or their own conscience — that their POPIA posture needs work, and want a programme rather than a policy PDF.

What’s included

  • POPIA readiness & programme build

    Where you stand, what the gaps mean in business terms, and a realistic path to closing them.

  • Data mapping & impact assessments

    PIA and DPIA automation: know what personal information you hold, where it lives and why — provably.

  • Privacy rights & incident management

    Handling data subject requests and privacy incidents inside statutory timelines, without heroics.

  • Third-party risk

    Structured assessment of the vendors who hold your data — because their breach is your breach under POPIA.

How an engagement works

Starts with a readiness assessment delivered as a board-usable report. Programmes are then scoped in quarters, with the OneTrust platform doing the heavy lifting and our people doing the thinking.

Straight answers

Is POPIA actually enforced?

Yes — the Information Regulator is issuing enforcement notices and fines, and large clients increasingly demand evidence of compliance before signing. The commercial risk now moves faster than the legal one.

Do we have to buy OneTrust?

No. The platform accelerates larger programmes, but smaller organisations can reach defensible compliance with disciplined process alone. We will tell you which you are.

Talk to a person about this.

Start a conversation