8 Jul 2020 | Articles

Protection of Personal Information Act POPIA

Howard Freeman

Howard Freeman

Protection of Personal Information Act

On 24th June 2020, the Republic of South Africa passed into law the final part of the Protection of Personal Information Act.

The South African Protection of Personal Information Act has finally come into force. Now this is good news for South African citizens and residents as the legislation aims to protect their personally identifiable information [PII]. This applies when it is collected by public and private entities in the country.

POPIA compliance enforcement is likely to be ruthless 

POPIA was first passed into law in 2013, before the EU’s GDPR came into existence. Parts of POPIA came into effect in 2014 and may feel it has been a long time coming. Since those initial sections came into effect six years ago, observers have speculated on when the act would come into full force. From sometime in 2019, to 1st April of this year to 1st July when the legislation did come into force.

POPIA Principles

There are eight principles to POPIA, they are as follows:

  • Accountability
  • Processing limitation
  • Purpose specification
  • Further processing limitation
  • Information quality
  • Openness
  • Security safeguards
  • Data subject participation

In light of this, can your business demonstrate it meets all these requirements? Do you have documented proof of being able to do so? If you cannot, you are not compliant to the regulation.

The government has now offered a one year grace period for businesses to become compliant. Furthermore, they [the government of South Africa] has made it very clear that non compliance will not be tolerated. Fines for data breaches will be quickly applied and collected. We expect POPIA compliance enforcement to be ruthless. Given how long businesses have had to prepare for this moment, it is not surprising

Therefore, if you process data for commercial reasons, then you must comply.

Don’t know where to start?

We have many years experience in helping businesses comply regulations. These include the Data Protection Act 1998 and 2018, PAIA, HIPPA, HIPAA, GDPR and many other certifications and regulations including conformity to ISO standards.

We are a full service business which means we will take you right the way through the POPIA compliance process. We do everything for a fixed price so there are no nasty surprises along the way. You can find more detail on our services here.

So, if you would like to discuss your options then you can book a call here (Zoom). The call is free and without obligation and could save you a lot of time, effort and pain.


Can we help?