POPI Compliance

What is the aim of the POPI Act?

a. To promote the protection of our personal information when it is given to private and public bodies for processing.
b. To introduce certain conditions in order to establish minimum requirements when processing personal information.
c. To establish a code of conduct for the processing of personal information.

What is personal information?

a. Gender, race, marital status, nationality, sex, mental health, religion, belief, language – any information that can identify you as an individual person.
b. Education, financial, criminal, medical and employment history.
c. Biometrics – physical, behavioral, physiological characteristics.
d. E-mail address, telephone number, location information.
e. Any correspondence of a private nature.
f. An individual’s name – if the name could lead to information about the individual being revealed.

Who must comply with the POPI Act?

a. Any private or public individual who regulates or processes personal information.
b. Every company / organization must have a “Responsible Party” who is to ensure and enforce compliance with the Act.
c. Each company / organization must implement a Personal Information Policy highlighting and structuring the processing of personal information.
d. A mandate or agreement must be implemented by the Responsible Party regarding the processing of personal information.

What happens if you are not POPI Compliant?

a. Potential risk of ruining your company’s / organization’s reputation.
b. Non-compliance could also result in a penalty or fine of R10 Million and / or imprisonment of up to 10 years – depending on the severity of the information breach.

Who is permitted to be the information officer?

a. Anyone within your company / organization.
b. The Information Officer can be a full-time or part-time role.

What are the conditions for processing information?

a. The Act stipulates 8 principles that must be complied with when processing information, namely:
i. Accountability;
ii. Participation of data subject;
iii. Information quality;
iv. Openness;
v. Processing limitation;
vi. Purpose specification; and
vii. Security safeguards.

When must you be fully compliant?

a. The Act comes into effect on 1 July 2021.
b. Companies have until 30 June 2021 to have policies put in place dealing with the regulation, processing and storage of personal information.


Official POPI Compliance Documentation