Small Business Compliance for the Protection of Personal Information Act

Crush POPIA Compliance in Five Days

A practical step-by-step approach for a small-business to reach POPI compliance fast, and get back to business confident everything is done and dusted.

How You Can Do Everything the POPI Act Demands in Less Than 1 Week

This POPI act applies to every business in SA.

Whether you are a sole trader, (Pty) Ltd, Inc or anything else.

Whether you are trading online or offline.

No matter what you sell.

We small business owners don't have the resources a listed company has. Most of us have one resource. Ourselves! We don't have the time to keep in touch with all the red tape needed to stay legal.

This POPI law will make a few consultants rich and cost the rest of us tens of thousands of rand each to get it done in time. Right now, an afternoon of training just describing the Act will cost more than R1500. (Per person.)

I am a small-business owner myself. I have been since 1984.

I have trained more than 50,000 small-business owners since 1992—most online. I hate dealing with red tape designed for big business. And, like you, I hate wasting money.

Tiffany says...

I assumed, as a small business owner, that the only way POPI affected me was my email marketing. I figured that, from this training, I’d learn how to get consent for emailing strangers, and that was it.

I had no idea, literally, of the very real risks that exist in my business as a function of Personal Information - and of how they have the potential to shutter what I have spent 16 years building. If you’d asked me whether data protection was a thing I had to worry about, I’d probably have laughed at you (largely because I had no idea what data protection was). I used the same password for everything. I happily used the wifi in shopping malls. And I didn’t know the difference between encryption and a sandwich.

Not only have I now learned to mitigate those risks, and actually taken the steps to do so, but my business is also better organised as a whole. I know where things are. I have deleted and thrown away old documents. I own a shredder. As a soloist businessperson, there’s a lot to worry about. Thankfully, for me, the protection of Personal Information is no longer one of them

- Tiffany Markman, Freelance Copywriter of the Year: South Africa, 2020


There are two ways to reach POPI compliance.

Hide behind cupboards of legal documents to protect yourself when things go wrong - like losing the personal information of thousands of clients.

Lawyers selling this option to large organisations get rich because they sell the hours needed to draft these documents.

We small-business owners don't have that kind of money, nor that kind of time.


Set up simple data protection practices to protect your information from exposure or loss.

Once you understand what the act expects, it's easy to implement simple data protocols to protect your information. We small businesses use the same equipment, use the same applications online, and use the same operating systems. So what works for one of us will work for all of us. We've proven this with more than 800 small businesses.

As we worked through these processes many times, we've seen how effective they can be if we apply well-known, free services and applications.

Once installed, these simple solutions work forever.

And you have the backing of more than 800 small business owners supporting your efforts.

Richard says...

If this course was just about POPIA, it will have served its purpose. It's just great. But much more than that, I got an appreciation of the options when it comes to data protection, and in general securing our digital life.

I feel I know what there is to know. In particular the story about passwords and security. We've already had a big online bank fraud years and years ago. So I'm sensitive to the issues. I feel we are much better protected now.

- Dr Richard Broome Ph.D, Thinking Skills

How Did I Get Involved with POPIA?

Some of my clients asked me to look at the Protection of Personal Information Act three years ago. I thought this would be a walk in the park, given the experience I had with the previous Act. I have never been more wrong.

This POPI Act is a whole new level of obfuscation. If you've read anything about the Act in the news, you probably haven't understood too much. It's unreadable for a regular person without two University degrees.

It applies to every business, club, charity, church, and school in the country. It applies to doctors, workshops, guest houses, no matter how big or small. And most of us have no clue what is expected of us. Every presentation I have attended told me what the Act says. Nobody told me what to do to achieve what the Act wants.

That's why my clients asked for help. It's taken more than a year to translate what the Act demands we achieve into practical steps to comply with POPIA. And then to translate those reasonable steps into a course to get you to full compliance in a week.

Even then, we've done everything at least twice. First, we've met together for an hour each week to discuss the challenges. Then we've met to find collective solutions to protect data. And to avoid falling foul of the Information Regulator.

More than 800 small business owners have offered feedback and their experiences. In addition, they've shared the challenges they face in their particular business spheres. The result is a POPI Compliance Project with a formidable base of small business information.


Why all the fuss?

Until now:

  • If your bank exposed your credit card details, you were the person facing the fallout. Or if one of their suppliers lost your data. You took the pain, and they got away scot-free. That happened a few years ago in the USA when Equifax exposed 143 million records. The data included social security numbers as well as full card details.
  • Jigsaw Holdings in SA lost 63 million records in October 2017. (None of us knew this stash even existed, a mix of ID number, home addresses, employer details, income details, email addresses, ...)
  • On October 24, 2017, a UK plastic surgeon exposed 10 TB of records of celebrity patients. This included photos of them before, during and after surgery.

I could go on, but you get the picture.

It's tempting to think that this applies only to big businesses. But you'd be just as unhappy if the doctor you saw last week exposed your medical history.

How does this project work for you?

All our training is online. You can access it at any time, from anywhere, via any device. That's lifetime access.

You don't want to waste hours learning legal stuff you will never need.

It doesn't make sense for each of us to develop our own policy/manual for a service like GMAIL. If hundreds of us use GMAIL, it makes sense to write one policy/manual and share it.

The same applies to any other online service or app or Operating System:

  • PC operating systems like Windows, OSX, Linux,...
  • mobile phone operating systems like Android and iOS,
  • common online storage providers like Apple, Microsoft, Google, Amazon, Dropbox,...
  • common desktop applications like Microsoft /Word, Excel, etc), Apple (Pages, Numbers, etc), web browsers, ...
  • common online mailing services like Mailchimp, Activecampaign, Getresponse, ...
  • password managers like 1Password, LastPass, Dashlane,...

You Get

  • Fast Track Compliance Checklist and lectures
    • These are part of your Information Officer Training
    • Highlighting EXACTLY what to do, and how, and in what sequence
    • Ending with complete data protection, all the relevant documentation completed, Information Officer registered..
    • Nobody else offers fast practical compliance like this
  • Complete Information Officer Training specifically related to small business issues
    • Complete Security Safeguard Guidance
    • Practical steps demonstrated in lectures
    • Deep understanding of the most important steps to take first
    • Nobody else offers fast practical compliance like this
  • Complete Staff Privacy Awareness training for each employee with completion certificate
    • Separate Course
    • Free for the first 5 Employees
    • Certificate of Completion
    • Nobody else offers online staff privacy training like this
  • Complete Document Pack of 220 pages containing
    • POPIA and PAIA Manuals
    • All the Policies you need
    • All the Procedures you need
    • All the Contracts you need
    • All written in simple English
  • Your Questions Answered
    • Q&A section for each lecture allows you to ask on the spot
    • Weekly Live Q&A session recorded and published same day
    • Via Email
  • Complete POPI Reference Section
    • POPI Act
    • PAIA Act
    • Registration Links
    • Information Expiry Dates
    • Regulations
    • Codes of Conduct
  • Lifetime Access for new Staff & Regulation Changes

You will never need to meet the Information Regulator because your data will never be exposed.

You get 100% POPI compliance via:

  • Encryption Security so when you lose a device (or thieves take it) nobody can read the data on it.
  • Hardware Security, so nobody can break into your systems.
  • Software Security, so the data within all your apps remains secure
  • Staff Security, where we use videos to train your team.
  • Paper Processes with procedures to manage your information in line with POPI demands.

You get a simple, powerful 30 day guarantee.

  • If our approach does not blow you away…
  • At any time within 30 days…
  • For any reason whatsoever…
  • You get 100% of your investment returned…
  • With no questions asked...
  • And we'll stay friends.

Your Instructor

Peter Carruthers.
Peter Carruthers.

Peter Carruthers authored the world's best-selling book on surviving small-business closure. He's guided more than 50,000 small-business owners since his first business closed unexpectedly in 1992.

All his training and consulting has been delivered through the Internet since 2004.

During this time he's lived in South Africa, Spain, England, and Norway. (Yeah, he's got massive wanderlust.)

Frequently Asked Questions

When does the project start and finish?
The course starts now and never ends! It is a completely self-paced online process - you decide when you start and when you finish.
How long do I have access to the project materials?
How does lifetime access sound? After enrolling, you have unlimited access to this project for as long as you like - across any and all devices you own.
What if I am unhappy with the project?

If you're not blown away by what you learn and how we present it we want to refund you in full. Contact us in the first 30 days and we will give you a full refund. No questions asked.

Get started now!

Megan says...

Thank you so much for this 5-day compliance quest.

I found it very informative in terms of putting theory to action and having the key elements highlighted, rollout should be quick for the staff

I love this and it was also easy for my Directors to understand when giving it to them in the simplest, least overloading way.

Thanks to this, I have their support and understanding, meaning they will join the fight with the staff to ensure compliance.

- Megan Riddell, Solarpop

The Curriculum (in Detail)

We've stored everything you could possibly need in our lectures, every discussion, all the questions. They provide around 25 hours of background detail.

But you won't need to go through most of these lectures yourself.

We've distilled the essence into a Fast Track step-by-step checklist that links deep into the syllabus to present exactly what to do without wasting time and effort.

Course Curriculum

  Two Day Fast Track
Available in days
days after you enroll
  POPI Compliance Policies, Statements, Notices
Available in days
days after you enroll


Get started now!

Grant says...

Clearly, this has been a massive task for you and it has been well done. I shall keep referring people to you as I come across them and I have asked people at work to do the same.

When I go back over your whole course I am astounded at the amount of work you have put into this project. You took the POPIA and presented in a plain understandable English course and then your latest 5-day Compliance course crystalised the considerable volume of knowledge into a short easy to follow MUST DO LIST.

We are in the process of implementing this course. It is clear, short and easy to understand so I do not anticipate problems.

- Grant Gore, Martin Trailer Company