• Our no bullsh*t guide to #Winning at POPIA

    Wanna stay in the Regulator’s good books? We swear by these ten steps. KNOW WHAT TO DO IF THE POPIA HITS THE FAN Suffering a data breach is...

  • When POPIA applies to what we say…

    Is it open season for sharing personal information in conversation, or should we be vigilant about breaching POPIA? WHAT SECTION 3 SAYS To find out if POPIA applies to...

  • Telemarketing in South Africa: Navigating the POPIA landscape

    THE STIR Telemarketing in South Africa is under the microscope, and let's be real, we're all (at least a bit) tired of spammy calls and emails. Enter the Information Regulator (IR), with a...

  • Read: White paper on the impact of POPIA on cookies, advertising, marketing and privacy (with some cats thrown in)

    While we were creating our white paper on cookies, adtech, martech and privacy, we became obsessed with cats. Why did we take things so far? (Cat scrotums are pretty far.) Because writing...

  • Alright stop – POPIA time!

    Okay, maybe it’s not MC-Hammer-pants-level exciting, but we’ll be damned if we aren’t going to make it fun! If you feel like you need a refresher – or perhaps a fresh perspective?...

  • Overthinking the Protection of Personal Information Act_Novation_Book

    Introducing… The Last POPIA Book You Will Ever Need

    There is no better way to introduce our book, Over-Thinking the Protection of Personal Information Act: The Last POPIA Book You Will Ever Need, than by reciting the Dunning-Kruger* prayer: ‘Let me...

  • 5 things information officers and octopuses have in common

    The octopus has become something of a theme here at Novation since we put one on the cover of our new POPIA book. This got us thinking about how information officers (IOs)...

  • Will POPIA kill direct marketing? Let’s bust the myths right now.

    Info Wars Episode IX: The Information Regulator Strikes Back

    The Information Regulator’s doomsday clock hit 0, life as we knew it changed. 1 July 2021 finally came. The re-consent pigeons were sent out and organisations joined in the communications assault with...

  • Do you need a POPIA crash course (or something a little stronger)?

    30 June 2021. Unless this is your birthday, this date probably fills most of you with some trepidation. No need – let’s turn the anxiety into excitement that POPIA is finally here...

  • Not another POPIA white paper: 10 years, 10 lessons

    It has been a decade since talk of the Protection of Personal Information Act started. Ten. Years. And finally we have an effective date. It is 1 July 2020. That’s right; it...

  • How to start your POPIA compliance project during lockdown

    It’s week 5 000 of the national lockdown, so we reckon everyone will appreciate a change of focus (since we can’t change the scenery). From what we can tell, most people’s pace during...

  • Are you mature enough for POPIA?

    Many of our projects begin with a similar story from new clients, ‘We made our first attempt to become POPIA compliant in 2015, but nothing changed. We asked ABC to help us...

  • Life or privacy: do we really have to choose? A reading list.

    My recent talk at the IAPP CapeTown/Johannesburg KnowledgeNet was around privacy, ethics and trust in the time of COVID-19. Here is some additional reading. 1. I feel like I am stuck in a...

  • POPIA is coming, look busy.

    Why the face? The Information Regulator asked the President to announce 1 April 2020 as the commencement date for the Protection of Personal Information Act (POPIA). 1 April is also an auspicious date...

  • Hacking data breaches: We need a new breed of compliance officer

    R58.4 million. This is the average cost of a data breach today according to IBM. It is no surprise then that cyber resilience is top of mind for CEOs the world over. But...

  • Super nerd_direct marketing form 4

    Direct marketing and the dreaded consent

    Everywhere we go, we are asked the same questions. Do we really have to use the terrible, horrible, no good, very bad form 4, to get consent for direct marketing when the POPIA comes...

  • Celebrate International Data Privacy Day with us!

    As we celebrate International Data Privacy Day, we think back on 2018. We spent a lot of time dealing with a deluge of questions from companies wondering whether they need to comply...

  • HAVE YOU HEARD? UPDATED POPIA REGS TABLED AT PARLIAMENT

    Finally! The latest version of the POPIA Regulations have been tabled at Parliament. We have all been waiting anxiously for an update to the dreaded Form 4. Here is a reminder of what...

  • Ethics and data protection in AI

    When it comes to artificial intelligence (AI) it’s not difficult to see that we find ourselves in a time of great significance. Not only has AI magnificent potential, it is also progressing at...

  • Why, and what now Europe?

    If you’re in the digital or data driven services industry you most probably received  calls from a lot of panicky clients asking whether your service is GDPR compliant. Luckily for many South African...

  • The C-word

    Here at Novcon using the word ‘consent’ is pretty much like telling us you do not like our Lego ... yes, we take offence! So, we have dubbed consent the c-word, mostly because...

  • Compliance & Legal consultant

    Novation Consulting is bursting at the seams with work. We need a top performing, creative mind, who knows compliance, risk management, and legal stuff. This is an opportunity to escape the chains of...

  • GDPR and POPIA – what you need to know

    Boo-Yah! owner Carmen Murray with guest Elizabeth de Stadler : Plain language and privacy law expert - GDPR and POPIA - what you need to know.

  • Dropped ice -cream

    Crying over spilled data. Greenwich University and the GDPR.

    The University of Greenwich in the United Kingdom was recently fined £120 000 by their Information Regulator, the Information Commissioner’s Office. You can read the full decision here. Why do we care? We...

  • Deleting your Facebook account

    Why I deleted my Facebook account

    For many years I have had significant misgivings about Facebook’s approach to protecting personal information. Despite this I kept a Facebook account as a means for my friends to update me on what...

  • Odd bird ostrich

    POPIA compliance and Codes of Conduct

    In a sense, the POPIA is a bit of an odd bird. In South Africa, we are used to rules-based legislation. Legislation that prohibits things, sets requirements, tells us what to do. This...

  • A bunch of our favourite (free) EU GDPR reads

    With the 25 May 2018 implimentation date for the EU GDPR creeping closer, there is a lot of information flying around. So much, that it is easy to feel overwhelmed. So we thought...

  • Sick of spammers? Know your rights.

    In this country, it’s hard to find something that everyone can agree on, but we’re fairly certain that we all agree that random ‘investment opportunity’ emails, cold calls from insurance companies and personal...

  • Your right to privacy. How will it change under POPIA?

    The Protection of Personal Information Act (POPIA) is set to kick in in the first half of 2018, according to the Information Regulator. Businesses have been scrambling to get their information governance practices...

  • 4 things you can do today to protect your privacy

    Privacy seems to be on everyone’s minds lately. Between online shopping, sharing your life on social media, and signing up for a webinar, it’s hard to keep track of where you’re sharing your...

  • Be smart about sharing your information

    28 January is Data Privacy Day, an international day created to raise awareness and promote privacy and data protection. When you think of a data breach you often think of twelve-year-old hackers recruited...

  • Guide dog

    Plain language privacy notices: Win your customers' trust

    Using plain language when you talk about privacy and personal information is key if you want to win your customers' trust. We have written about the POPIA requirement that a business must have...

  • Mind the gap

    SA’s largest data breach & how you can protect your data

    It turns out SA’s largest recorded data breach was traced to a Web server registered to a real estate company based in Pretoria, Jigsaw Holdings. They are a holding company for several real...

  • Nightmare on direct marketing street

      The long awaited POPI regulations are here. They don't say much, but what they do say spells disaster for direct marketers. And you know us, we are not alarmist. Section 69 of...

  • Hot off the press: POPI Regulations out for comment

    The draft POPI regulations have just come out for comment. We will be digesting them over the weekend and will let you know what is what on Monday on our blog. Weekend reading....

  • Does complying with the security requirement in POPI make you WannaCry?

    I often get asked what ‘appropriate security’ is for a particular business. Although this is a really important question, it is equally important that you ask the right person. The best way to...

  • How a POPI project can mitigate the risks of a ransomware attack

    The recent WannaCry attack was one of the first highly publicised attacks in which ransomware was weaponized and used against numerous companies at once. It has caused many businesses to wake up to...

  • Processing child information: It doesn’t get more personal than that…

    Before we talk about the challenges of processing the personal information of minors, let’s take a step back. It feels like POPI has been in this kind of legislative limbo for years. Oh...

  • POPI or PawPaw? Who cares.

    So, the Information Regulator and the Department of Justice has asked everyone to stop calling the Protection of Personal Information Act 'POPI', but 'POPIA'. Of course, it only took about 5 seconds for...

  • Information Regulator says no…effective date this year

    So, the Information Regulator had a press conference today (13 February 2017). We were waiting with bated breath to hear what the effective date was going to be. Alas (or mercifully, depending on...

  • Direct email marketing around the world (well, almost)

    Looking for new clients? Don’t we all. Why not expand your client base to the US, Europe or India? Before you send out that gorgeous email campaign, let’s check the rules around marketing...

  • Rethinking privacy policies

    These days, I find it very difficult to see the point of overly legalistic privacy policies normally hidden behind a tiny link at the bottom of a webpage. Apart from the fact that I...

  • What happens if you don't comply with POPI?

    Earlier this year Elizabeth wrote a useful article entitled ‘5 Reasons why POPI Compliance Matters’. While Elizabeth’s article addressed why POPI compliance matters, this article focusses on what happens if you don’t have POPI...

  • Privacy by design – getting it right from the start

    When do you have your best ideas? I have mine while on my bike, with the wind in my hair and dust (and often insects) in my mouth. This is when my mind...

  • 5 reasons why POPIA compliance (blegh!) matters

    (and they have nothing to do with POPIA really) It has become clear in recent years that the proper treatment of their personal information matters to consumers (we have tested this), but why...

  • Privacy implications of CIPC data

    Recently Companies House in the United Kingdom (the United Kingdom version of the Companies and Intellectual Property Commission (CIPC)) took the unusual step of deciding to provide online company information to the public...

  • Is this where the word 'spam' comes from?

    When did we start referring to unsolicited marketing messages as 'spam'? While researching my book, I found an article 'The regulation of unsolicited commercial communications (spam): Is the opt-out mechanism effective?' by Sebo...