POPI Act in South Africa explained by our Attorneys | Legal Articles

Cape Town Legal Correspondents

Contact Us on 021 422 4963 / [email protected]

Debt Collections

Contact Us on 021 422 4963 / [email protected]

Civil Litigation

Contact Us on 021 422 4963 / [email protected]

Divorce & Family Law

Divorce & Family Law

Contact Us on 021 422 4963 / [email protected]


POPI Act in South Africa explained by our Attorneys

POPI and POPIA – What’s the Difference?

POPI stands for protection of personal information generally, while POPIA (or the POPI Act) stands for the Protection of Personal Information Act, 4 of 2013 – the actual legislation. Both terms are often used interchangeably and in essence refer to the same thing, that is, the Act that regulates the protection of personal information in South Africa.

The Protection of Personal Protection (POPIA) Act, 4 of 2013, has introduced recent amendments in which certain significant sections (Sections 2 to 38; 55 to 109; 111; and 114 (1), (2) and (3)) took effect from 1 July 2020.

Compliance is fully enforceable one year thereafter – 1 July 2021.

POPI Act in South Africa

POPI Act in South Africa

The legislation was enacted to promote protection of sensitive information by public and private bodies, the most essential elements of the Act are now in force which namely deal with the following:

  • Lawful processing of personal information and its conditions,
  • Rights of data subjects,
  • Duties and responsibilities of the Information Officer,
  • Codes of Conduct,
  • Procedural requirements for handling complaints, direct marketing, and unwanted electronic correspondence.

How does the POPI Act affect Businesses in South Africa

To balance the right to privacy with others such as the right to access to information, businesses will need to ensure correct compliance with POPIA as the Information Regulator begins to fulfil their duties.

Businesses need to obtain consent from individuals before information may be collected, processed, or stored. In addition, marketing strategies like electronic communication to individuals may only be done so with their express consent.

A greater of standard of accountability is further necessary to ensure personal information is collected, processed, stored, and shared in a lawful manner with the appropriate safety measures. Safety from data breaches and theft mean that businesses are now charged with taking “appropriate, reasonable, technical and organisational measures” to mitigate the potential loss or theft of data.

Therefore, it is better for businesses to avoid unnecessarily obtaining personal information. Where it is necessary – IT support can ensure electronic data is kept safe with staff access only. Where information is no longer needed, it can be safely and secured discarded.

Businesses ought to be alert to the processes and rules that offer further guidelines. An Information Officer must be registered with the Information Regulator – this position will be designated to the head of a business. Once registered, they can fulfil their duties in ensuring that the business has taken necessary and sufficient steps to comply with the Act.

Bailey Haynes Inc. Attorneys in Cape Town

Non-compliance with the Act can result in a fine or even imprisonment. It is vital that businesses protect their client’s information which has been entrusted to them, while in the same vein, protecting themselves.

Contact our attorneys in Cape Town for expert legal advice.


Got something to say? Join the discussion »

Leave a Reply

 [Quick Submit with Ctrl+Enter]

Remember my details
Notify me of followup comments via e-mail


Get the latest updates in your email box automatically.