At this point, it is likely that you have become aware of the Protection of Personal Information Act (or POPIA). While you may have heard of it, the real question is whether or not you understand it. It is absolutely essential that you know the details of the act as failure to comply can result in substantial legal consequences for your company. This article aims to be a brief guide to POPIA, how it will affect your business and what changes you will need to make to ensure that you and your customers are protected.

A Simple Guide to the Protection of Personal Information Act

POPIA is the new South African data protection law. At its core, it intends to guarantee that people are sheltered from harm by making sure that their personal information is not misused. Broadly speaking, the act requires that people have the following rights:

  1. The right to be notified if their information is being processed.
  2. The right to be notified if their information is accessed by an unauthorised person.
  3. The right to ask if an entity holds their personal information, to see that information and to insist on correcting or deleting their information.
  4. The right to object to their personal information being processed.
  5. The right to object to their personal information being used for marketing purposes.
  6. The right not to have automated decisions made on their behalf.
These new regulations set the conditions for when it is lawful for personal data to be accessed. It is intended to stop money and identity from being stolen, as well as being a general safeguard for privacy. With the basics covered, it is now important to understand how POPIA will affect your business and what changes you will need to make.

How Your Business Will Need to Adhere to POPIA

To begin, your company will now need to receive consent before they obtain, retain and process personal information for any purpose. Personal information can include (but is not limited to) contact data, demographic details and even communication records. Businesses will also be limited as to what they can obtain from individuals. They will not be allowed to process religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, or biometric data.

Anything that is collected must come directly from the individual and must only be used for a specific purpose. Furthermore, records must not be kept for longer than required to achieve the original purpose. All collections must be clear and transparent, with the ability for individuals to withdraw consent at any point. 

These are just a few of the points that businesses will need to pay attention to. The full POPIA guideline is far more detailed and will need to be analysed completely in order to allow for full compliance. Should you fail to follow these laws, the penalties can be costly.

The Consequences of Failing to Follow POPIA

The legal penalties for failing to comply with POPIA prove that the government is taking any infractions very seriously.  You may be fined up to R10 million or imprisoned for up to 10 years. In certain circumstances, both a fine and imprisonment can be enforced co-currently.

Even if the above punishments aren’t applied, non-compliance means that you run the risk of damaging your reputation and losing your customers. However, with all this in mind, these consequences should not be the main reason that you follow POPIA. It should always be the protection of people’s rights that persuade you to implement the new guidelines. 

At iX, all our clients obey the rules set out by POPIA. We have made sure that all parties are guarded against unlawful use of data. Contact our team today and learn how we can help you gain full POPIA compliance.

For a comprehensive breakdown of the act, please visit the official POPIA government page: