Business Solutions for you - POPIA are you ready?

The Protection of Personal Information Act (POPIA) comes into effect on 1 July 2021. We are fast approaching the compliance deadline and we highlight below the important privacy areas which your organisation should be focusing on in readiness for the implementation of POPI.

We trust that you will find the information provided below beneficial to you and your business.


  • Provides that everyone has the right to privacy
  • This right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information
Kim Peddie

Who does the POPI Act apply to?

The POPI Act applies to any entity processing personal information as follows:

  • Any personal information collected from an individual directly or indirectly
  • That can identify that specific individual
  • By the responsible party (a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information)

Or the operator (a public or private body or a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party, of a data subject).

Are there penalties for non-compliance?

The risks of non-compliance include reputational damage and fines up to R10m.

When is POPIA effective from?

POPI came into effect on 1 July 2020. A grace period of 12 months was provided to get organisations POPIA compliant by the deadline of 1 July 2021. POPIA will be regulated by a new Information Regulator while within your organisation, you have to appoint an Information Officer to be the key person to ensure compliance.

Mthoko Luthuli

What does POPIA do?

POPIA sets out conditions for responsible parties to lawfully process and safeguard the data subjects personal information. The POPIA does not stop you from processing but requires you to get consent from data subjects to process their personal information. The responsible party is also responsible for a failure by their operators to meet the conditions. The POPIA will assist in streamlining your data collection, retention of data and protecting data subjects from harm, like theft and discrimination.

How can we help you?

The first step to compliance it to set up a compliance framework to meet the requirements of the POPIA and keep your client’s personal information safe and secure.

Contact us to help you:

  1. To set up this framework in order to meet your individual entity’s needs; and
  2. Assess your data cycle for greater efficiency and compliance.
Janene Hathorn Bodmann