'ELLO 'ELLO
Posts
Still compliant, still current – April 2025

Still compliant, still current – April 2025

Things moved fast this month: POPIA, FICA and one high-profile case that’s worth a second look. Let’s break it down ...

Compliance Online
April 29, 2025

POPIA and Data Protection

I. POPIA breach reporting moves to online portal

As of April, the Information Regulator requires all data breaches to be reported through a new eServices portal, replacing the old PDF/email method.

📢 Media statement
🔗 Submit via the ePortal

II. Amended POPIA Regulations

The Information Regulator has issued updated POPIA regulations, with immediate implications for how organisations manage personal data.

The amendments touch on several areas, including direct marketing, data correction, and complaints handling, and will likely require changes to your internal policies, communication systems, and staff training.

All versions of our POPIA training now include the updated eServices portal for reporting data breaches, along with new reading links that explain the recent regulation amendments.

We have four POPIA courses for you to choose from, all available via our LMS or yours.

III. Botswana’s new Data Protection Act

Effective 14 January 2025, Botswana’s new DPA replaces the 2018 legislation. The Act introduces stronger data privacy obligations and enforcement mechanisms, aligning more closely with GDPR-like standards.

Our Botswana Data Protection course has been fully updated to reflect the new DPA.

Didn’t know we cover Botswana? We do. And more …

FICA and Accountable Institutions

New guidance: Reporting failures and intelligence loss

On 31 March, the FIC published new guidance (PCC 50A) and updated rules under Directive 3A. These updates explain what to do if a FIC report is missed, rejected, or contains incorrect information. Anyone who becomes aware of a reporting failure must now notify the FIC in writing and request a meeting to agree on how to fix the issue.

We’ve updated our FICA training courses with a reference that explains what a reporting failure is, and how to respond.

Better reporting starts with better training. We’ve made sure yours is up to speed.

You might also want to know:

The FSCA recently fined three financial services providers a total of R1.2 million for FICA non-compliance.
Sarah attended the Lexis Nexis Risk Ready 2025 event - here are her takeaways.

A talking point

What the Sentabele case reminds us

The recent Sentebale case has sparked significant public and media attention, raising questions about how organisations respond to allegations of harassment and misconduct, particularly those with international operations or charitable mandates.

While details continue to emerge, the case serves as a reminder of why clear anti-harassment policies, accessible whistleblowing procedures, and transparent governance structures are essential. Especially for organisations operating across borders, the cost of getting it wrong can be cultural, reputational, and legal.

Are your internal reporting systems robust enough to protect both people and your organisation’s integrity?

This might be a good moment to revisit how your policies are tracked, and the training that supports them.

❝

New guidance, new fines, new portals, and it’s only April. Staying on top of it all doesn’t have to be a headache. We’ve already updated the relevant courses, and SCORM clients are getting the updates automatically.

Know someone who handles compliance training or policy updates? Feel free to forward this their way, or even better, introduce us.