Who are we?

 

The MD of InTouch Advisory, Ken Lawrence, is an experienced executive with a legal background who has worked as a Provincial Magistrate and in an executive management capacity with a listed insurer. He is an Advocate of the High Court of South Africa and has provided legal and compliance services to various organizations, ranging from SMEs and larger companies in the manufacturing, financial services and IT sectors to a major international financial services company and a chain of hotels. Ken is also a registered FAIS Compliance Officer.

 

Data is one of the hot topics of the moment

Data breaches and identity theft have exploded in South Africa over the past few years. Add the regulatory pressures on international trade, such as the EU General Data Protection Regulation (GDPR), which requires all South African entities offering goods or services to EU citizens to be compliant with the Regulation, and there are compelling business reasons for such entities to protect their data and secure the personal information not only of themselves but also of their staff, customers and suppliers.

In South Africa the imperative to do so has been given the full force of the law by the Protection of Personal Information Act (POPIA) which applies not only to individuals but also to the public and private sector, natural and juristic persons and both physical and electronic records. 

The work-from-home trend will continue into the foreseeable future, and this gives rise to new operational challenges: company devices that are required to share home wireless networks will expose new vulnerabilities that can compromise personal information. This will necessitate careful planning to secure the ongoing efficiency of business operations. For example, many business continuity plans will not have considered such a material change. Businesses will not only have to take additional measures to ensure their own compliance but will also have to make sure that third party operators who process personal information on their behalf beef up their own measures, as businesses that outsource processing operations remain accountable for ensuring that third party operators comply with the measures required.

Compliance with POPIA requires consideration and decision making at top level and should not be delegated. It is not a matter of quickly running through a list and ticking boxes without applying proper thought and a judicious assessment of what needs to be done. Expert assistance and advice are required.

InTouch Advisory employs a three-phase process to help organisations become compliant with the legal and organizational measures required, as follows:

Phase 1 Business Management: This starts with governance issues such as the appointment of a project team, the drafting of a Compliance Risk Management Plan and a Personal Information Risk Assessment, the completion of a gap analysis, the identification of all personal information used in the organization (which is at the heart of the exercise), the design of process flows using sophisticated software and a review of all existing contracts to which the organization is a party to ensure that it is sufficiently protected.

Phase 2 Policy, Notice and Contracts Design: This relates to items such as various Privacy Policies, an Information Technology, Social Media, Electronic Communication and Data Breach Policy, a Document Retention and Management Policy, Third Party Operator Contracts and a Promotion of Access to Information Act Manual.

Phase 3 Programme Implementation: This is where the rubber hits the road. All the work done is incorporated into the daily operations of the organization. Targeted training rounds it all off.

Contact Us

Contact InTouch Advisory to protect your business during these uncertain times and into the future and make sure that you have the necessary legal and organizational mechanisms in place to become and remain POPIA compliant.