The Protection of Personal Information Act, 2013 (Act 4 of 2013)

The Protection of Personal Information Act, 2013 (PPI Act) aims to promote the protection of personal information processed by public and private bodies by, among others, introducing certain conditions for the lawful processing of personal information so as to establish minimum requirements for the processing of such information.

The Information Regulator (South Africa) is, among others, empowered to monitor and enforce compliance by public and private bodies with the provisions of the PPI Act.

POPI Compliance is thus ensuring that you meet the guidelines and requirements provisioned in the Act. For a full copy of the Act you can download it here.

Part of ensuring you have done everything reasonable to ensure compliance, is to perform a Privacy Impact Assessment (PIA) of your business. This will provide you with a percentage score of how compliant your business is as well as to provide you with usable remediation on how to become compliant.

While business sizes clearly differ and the way in which subject data is held differs too, the important thing is to ensure that you don’t get into a situation which could severely harm your business in the future.