The purpose of the Protection of Personal Information Act (POPIA) is to give effect to Section 14 of the Constitution which provides for the right to privacy.  Therefore, making it South Africa’s data protection law.


The aim of this Act is essentially to protect the personal information of citizens, which is obtained and processed by both public and private bodies. It also attempts to stop money theft, to eliminate identity theft and largely to protect privacy, being which is a fundamental human right.


The POPI Act commenced on 1 July 2020 with a grace period of 12 months to get your organisation POPI compliant. The deadline for this will be 1 July 2021.


Businesses and individuals therefore have less than 4 months in which to fully comply with the provisions of the Act.


Failure to comply with the Act may result in reputational damage, a decrease in new customers, as well as loss of customers and employers.


The more severe consequences of non-compliance may include the payment of a fine of up to R10 Million, imprisonment of up to 10 years or the payment of compensation to affected data subjects.


There are certain steps that you need to take in order to become POPI complaint. These include but are not limited to the following:


  • Ensure compliance with the 8 Conditions of Lawful Processing of Personal Information.
  • Appoint and register an Information Officer with the Information Regulators.
  • Ensure that there are adequate security measures are in place to protect your customers and staff members information.
  • Provide employees with adequate training and education on how to store customers information.
  • Update your Company’s code of conduct.
  • Only collect information which is relevant to your company and only share this information when you are lawfully required to do so.
  • Prepare POPI compliant consent forms for clients to sign.


It is therefore important that businesses / entities etc ensure that they are POPI compliant as of 01 July 2021 in order to give effect to the rights of the data subjects.


Don’t wait until the last minute – contact Greeff Attorneys for assistance with this very important piece of compliance.



Disclaimer: The material contained in this document is provided for general information purposes only and does not constitute legal or other professional advice. We accept no responsibility for any loss or damage which may arise from reliance on information contained in this article.