Guest Article: POPI Act – What to know is easy – What to do is a slightly different story

THE PROTECTION OF PERSONAL INFORMATION ACT, 4 of 2013 “POPI Act” 29 April 2021 to 30 June 2021 = 62 days to compliance deadline

What to know is easy – just read the Act. What to do is a slightly different story…

The POPI Act is “new” legislation, centred around privacy. It aims to safeguard the integrity and sensitivity of personal information. Businesses are required to carefully manage the data capture and storage process of personal information.


In conjunction with an experienced data privacy management expect, design a POPI compliance programme

  • Registration of an Information Officer (“IO”) and Deputy Information Officer (“DIO”);

The Information Regulator has specified that registration will be live by the end of April 2021, and the registration process will commence on 1 May 2021. The Information Regulator urges all responsible parties to use the online registration process instead of the manual process. Once registered, the contact details of all IOs and DIOs will be available on the Information Regulator’s website

  • Document what personal information is currently held, where it comes from, how it is used and who it is shared with;
  • Conduct a current status risk assessment / information audit to establish the data protection compliance level;
  • Produce a POPI Act policies and procedures manual; and
  • Put procedures in place to monitor and enforce compliance.

To conclude, businesses should implement compliance with the POPI Act in such a way that it delivers value, i.e. it does not become a financial burden, but rather allows for improvements in efficiencies and effectiveness, done in a way to meet the compliance requirements.

Sheri-Leigh Pienaar
WerthSchröder Inc

This article was brought to you by WerthSchröder Inc. A member of the Austrian Business Chamber.

Share This