Compliance Is Not the Ceiling — It's the Floor.
Kaymerc X Impact — ESG, POPIA/GDPR compliance, ISO readiness, governance, and operational excellence. 100% compliance success rate. Zero audit failures.
Where Precision Meets Purpose.
Kaymerc X Impact is the compliance, governance, and operational excellence division of Kaymerc X. We exist because the gap between regulation and real-world business practice creates enormous risk — and enormous opportunity for organisations that get it right.
Our track record is unmatched: 100% compliance success rate across every POPIA, GDPR, and ISO engagement we have delivered. Zero audit failures across all client engagements. We don't just advise on compliance — we implement it, embed it, and make it sustainable.
Our process excellence methodology is underpinned by Lean Six Sigma Black Belt (LSSBB) thinking. This is not a coincidence — compliance failures are almost always process failures. We fix the process, not just the paper trail.
Impact spans three interconnected disciplines: process excellence and operational compliance, data governance and privacy (POPIA, GDPR, and African frameworks), and corporate governance and risk (King IV, ISO 31000, ESG reporting).
"Impact is where precision meets purpose."
End-to-end compliance implementation covering assessments, policies, training, outsourced IO services, breach response, and annual audits.
Lean Six Sigma-led process audits, SOP development, and ISO 9001 readiness preparation that builds lasting operational quality.
Corporate governance frameworks, enterprise risk registers (ISO 31000), internal controls design, and ESG reporting frameworks built for board accountability.
Structured ESG frameworks aligned with investor, regulatory, and stakeholder reporting requirements for South African businesses.
Pre-built incident response plans, data breach protocols, and business continuity planning that activate when — not if — something goes wrong.
Built for Organisations That Take Compliance Seriously
From SMEs meeting their first POPIA obligations to listed companies building enterprise governance frameworks — Impact scales to your context.
Needing foundational POPIA compliance, SOPs, and a governance baseline to support scale and investor readiness.
Regulated entities requiring POPIA alignment, enterprise risk registers, and internal controls that satisfy FSCA expectations.
Handling sensitive special-category health data under POPIA and HPCSA guidelines requiring specialist privacy governance.
Processing customer data at scale across platforms, apps, and SaaS products with POPIA and GDPR obligations.
Managing learner, staff, and parent data under POPIA with requirements for section 51 PAIA manuals and consent frameworks.
Organisations subject to POPIA, PAIA, and King IV governance with board accountability and reporting obligations.
Companies with EU-based clients, employees, or data subjects facing GDPR obligations alongside POPIA.
Companies seeking ISO 9001 readiness, Lean process improvements, and SOP frameworks to drive operational efficiency.
Collecting customer data, managing loyalty programmes, and running digital marketing requiring POPIA consent frameworks.
Firms managing confidential client data with POPIA obligations and sector-specific regulatory requirements.
Seeking structured King IV governance frameworks, ESG reporting design, and enterprise risk management approaches.
You have never had a formal POPIA compliance review and your business collects, stores, or processes personal information of any kind.
You have no privacy policy, no consent forms, and no data subject rights process — these are legal requirements under POPIA, not best practice.
Your risk register is outdated, non-existent, or has never been formally reviewed by your board or leadership team.
You have been flagged in an internal or external audit — and have not yet actioned a structured remediation programme.
From First Contact to Full Compliance — In Four Steps
Our intake process is designed to get you from uncertainty to clarity — fast. The first two touchpoints cost you nothing.
Our free online readiness tool takes 10 minutes and gives you an immediate sense of where your organisation stands against the key POPIA requirements.
Free: A structured, confidential conversation covering your current compliance state, key risks, applicable frameworks, and the scope of support you need. No obligation, no hard sell.
Free: Within 5 business days of your discovery session, you'll receive a clear gap analysis, prioritised remediation actions, and a proposal for the recommended engagement scope.
We start with the highest-risk items and build systematically: from immediate quick wins (privacy policy, consent forms, IO appointment) through to a full compliance programme embedded in your operations.
22 Services Across Three Disciplines
All prices shown are indicative starting prices. Final investment is confirmed following a scope discussion. VAT is not included.
| Code | Service | Type | From |
|---|---|---|---|
| IMP-001 | Process Efficiency Audit (Lean Six Sigma) | Project | R20,000 |
| IMP-002 | Standard Operating Procedure (SOP) Development | Project | R5,000 / SOP |
| IMP-003 | Operational Excellence Assessment | Project | R25,000 |
| IMP-004 | ISO 9001 Readiness Assessment & Preparation | Project | R35,000 |
| IMP-005 | Continuous Improvement Programme Design | Project | R30,000 |
| IMP-006 | Process Governance Framework | Project | R28,000 |
Important: POPIA (Protection of Personal Information Act 4 of 2013) is mandatory for ALL South African businesses that collect, store, or process personal information. Non-compliance can result in fines of up to R10 million or imprisonment. The Information Regulator is actively enforcing. If you are unsure of your obligations, contact us today.
| Code | Service | Type | From |
|---|---|---|---|
| IMP-007 | POPIA Full Compliance Assessment | Project | R25,000 |
| IMP-008 | POPIA Compliance Implementation Programme | Project | R55,000 |
| IMP-009 | POPIA Compliance Toolkit (Product Pack) | Fixed | R7,500 |
| IMP-010 | GDPR Gap Analysis & Implementation | Project | R65,000 |
| IMP-011 | Outsourced Information Officer (IO) Services | Retainer | R8,000 / month |
| IMP-012 | Privacy Impact Assessment (PIA / DPIA) | Project | R18,000 |
| IMP-013 | PAIA Section 51 Manual Development | Fixed | R12,000 |
| IMP-014 | Data Breach Response Plan | Project | R15,000 |
| IMP-015 | Annual Data Protection Compliance Audit | Fixed | R30,000 |
| Code | Service | Type | From |
|---|---|---|---|
| IMP-016 | Corporate Governance Assessment (King IV) | Project | R35,000 |
| IMP-017 | Enterprise Risk Assessment & Register (ISO 31000) | Project | R35,000 |
| IMP-018 | Internal Controls Design & Review | Project | R30,000 |
| IMP-019 | Compliance Programme Development | Project | R45,000 |
| IMP-020 | ESG Reporting Framework Design | Project | R40,000 |
| IMP-021 | Business Continuity Plan Development | Project | R30,000 |
| IMP-022 | Annual Governance & Compliance Health Check | Fixed | R30,000 |
Four Programmes for Four Different Starting Points
Our compliance programmes are designed for specific organisational profiles and starting points — from foundational POPIA compliance to end-to-end enterprise programmes.
POPIA Essentials Pack
Includes
- POPIA Full Compliance Assessment — IMP-007
- POPIA Compliance Toolkit — IMP-009
- Information Officer Training
- Privacy Policy Development
Operational Excellence Sprint
Includes
- Process Efficiency Audit (Lean Six Sigma) — IMP-001
- 5 × SOP Development — IMP-002
- KPI Framework Design
- Continuous Improvement Programme — IMP-005
Governance Foundation Bundle
Includes
- Corporate Governance Assessment (King IV) — IMP-016
- Enterprise Risk Register (ISO 31000) — IMP-017
- Internal Controls Design & Review — IMP-018
- 5 × Policy Development
Full Compliance Programme
Includes
- POPIA/GDPR Implementation — IMP-008 / IMP-010
- ISO 9001 Readiness Assessment — IMP-004
- Enterprise Risk Assessment — IMP-017
- Annual Data Protection Audit — IMP-015
100% Success Rate. Zero Audit Failures.
Compliance Frameworks We Deliver
"The POPIA compliance programme was comprehensive, practical, and delivered without the jargon. Our team actually understands our obligations now. Zero audit flags."
— Nomvula T., Healthcare Sector
"The enterprise risk register transformed how our board thinks about operational risk. From vague concern to structured, actionable intelligence."
— Sipho L., Financial Services
Questions About Compliance & Governance
Is POPIA compliance mandatory for my business?
Yes. POPIA applies to every private and public body in South Africa that processes personal information — including collection, storage, use, sharing, or deletion. There are no size-based exemptions. If your business has a website with a contact form, a customer database, employee records, or marketing email lists, POPIA applies to you.
What happens if we fail a POPIA audit?
The Information Regulator can issue enforcement notices requiring remediation within a specified period. In serious cases, the Regulator can impose administrative fines of up to R10 million, and refer matters to the National Prosecuting Authority for criminal prosecution — which carries a maximum sentence of imprisonment. The Regulator is actively investigating and enforcing. Acting now is significantly less costly than acting after a finding.
How long does POPIA compliance take?
A basic POPIA Essentials programme — covering assessment, toolkit, privacy policy, and consent framework — typically takes 4–6 weeks. Full implementation including policies, staff training, IO appointment, data mapping, and systems configuration can take 3–6 months depending on your current state, organisation size, and data processing complexity. We provide a clear timeline estimate after your discovery session.
What is an Information Officer?
Every South African organisation that processes personal information is legally required to appoint an Information Officer (IO) and register them with the Information Regulator. The IO is responsible for POPIA compliance, handling Data Subject Access Requests (DSARs), managing data breaches, and liaising with the Regulator. Where organisations lack internal capacity, Kaymerc X provides an Outsourced IO service (IMP-011) — delivered by a qualified DIO (Diploma in Information Officer) certified practitioner.
Do you handle GDPR as well as POPIA?
Yes. For businesses with European clients, employees, or data subjects, GDPR obligations apply in addition to POPIA. This is a common situation for South African technology companies, professional services firms, and export businesses. We deliver GDPR gap analysis and implementation programmes (IMP-010) and can map the overlap and divergence between POPIA and GDPR to avoid duplication and ensure full coverage.
What is King IV governance?
King IV is South Africa's corporate governance code, applicable to all organisations — not just listed companies. It covers board accountability, ethical leadership, risk governance, internal audit, stakeholder relations, and integrated reporting. King IV operates on an apply-and-explain basis. Our Corporate Governance Assessment (IMP-016) benchmarks your organisation against King IV principles and produces a governance improvement roadmap with board-ready reporting.
How is Lean Six Sigma relevant to compliance?
Compliance failures are almost always process failures — inconsistent procedures, unclear ownership, inadequate controls, or manual processes with no audit trail. Lean Six Sigma Black Belt (LSSBB) methodology identifies the root causes of process failure and builds sustainable, measurable improvements. When we fix compliance, we fix the underlying process. This is why our clients don't come back with the same audit finding twice.
What is an Outsourced Information Officer?
An Outsourced IO is a qualified, certified professional who acts as your organisation's registered Information Officer — without you needing to hire a full-time compliance resource. Kaymerc X provides a DIO-certified practitioner who handles POPIA obligations, manages Data Subject Access Requests (DSARs), coordinates your data breach response, maintains your PAIA section 51 manual, and liaises with the Information Regulator on your behalf. This service starts from R8,000/month (IMP-011).
Impact Works Best With These Divisions
Compliance is rarely an isolated discipline. These divisions most commonly work alongside Impact to deliver complete, enterprise-grade outcomes.