What is POPI Compliance?
The Protection of Personal Information Act, 2013 (Act 4 of 2013)
The Protection of Personal Information Act, 2013 (PPI Act) aims to promote the protection of personal information processed by public and private bodies by, among others, introducing certain conditions for the lawful processing of personal information so as to establish minimum requirements for the processing of such information.
The Information Regulator (South Africa) is, among others, empowered to monitor and enforce compliance by public and private bodies with the provisions of the PPI Act.
POPI Compliance thus means ensuring that you meet the guidelines and requirements set out in the Act. You can download a full copy of the Act here.
Part of ensuring that you have done everything reasonable to comply is to perform a Privacy Impact Assessment (PIA) of your business. This will give you a percentage score of how compliant your business is, as well as usable remediation steps on how to become compliant.
While business sizes clearly differ and the way in which subject data is held differs too, the important thing is to ensure that you don’t get into a situation which could severely harm your business in the future.
How can you prevent this?
We have tried to make it as easy as possible for you to know the state of your compliance by providing an easy-to-use Q and A (PIA) on this site. The Q and A is made up of roughly 145 questions with simple yes/no answers in most cases. Once it is complete, the site will generate your report, which will give you a compliance score and offer you remediation steps to become more compliant. Note, though, that completing the PIA does not mean that you have finished. Becoming compliant relies on your taking the remediation steps. While not everyone will always be 100% compliant, if you have done everything you can to become compliant then you are most of the way there.
What are the costs?
The online PIA will cost you R7500 excl. VAT. You will need to register on the site, follow the easy instructions (be sure to check your email inbox), and use our online secure payment gateway to make your purchase. You will then gain access to the PIA, be able to go through the report and save your progress, and, once complete, be able to print to PDF to ensure that you have a copy of the report with remediation steps.
What are the risks if you choose not to care?
Lots of people and businesses have said, “It will never be enforced!” or “I don’t need to do it. My customer data is safe.” Well, some of you may be right. But what if you are not? What are the consequences?
They are very real and in the most severe of cases could result in fines of up to R10m per data breach or 10 years in jail per data breach! A data breach is one data subject’s information. Every one of us is considered a data subject. While fines and prosecution of this nature will be the exception rather than the norm, would you want that potentially happening to you?