What Is POPIA?

POPIA (Protection of Personal Information Act, 2013) is South Africa’s data protection law, aimed at protecting personal information processed by public and private bodies…  Companies, Living People, Trusts, Closed Corporations, Sole Proprietors

POPIA came into effect on 1 July 2020, with a 12-month grace period. From 1 July 2021, non-compliance carries severe penalties, including:

  • A fine of between R1 million and R10 million, or imprisonment of one to ten years
  • Financial compensation for damages suffered by data subjects


  • Promotion of Access to Information Act (PAIA)
  • Compiling an information manual as required by the Act
  • Submission of the manual to the Human Rights Commission and regulatory body
  • Providing an electronic manual for publication on entities’ websites
  • Protection of Personal Information Act (POPIA)
  • Assisting the entity to comply fully with the following procedures as required by the Act:
  • Compiling a policy document regulating the above
  • Regular updates
  • Assistance with any disputes regarding the implementation of the Act
  • Webinars for Information/Deputy Information Officers
  • Online Training for Information/Deputy Information Officers
  • Updating the manual on a regular basis
  • Submission and publication of updates
  • Assistance with enquiries and requests in terms of the Act.

POPIA Compliance

When navigating POPIA compliance, these 8 principles need to be addressed.

Principle 1
Principle 2: Processing Limitation
Principle 3: Purpose Specification
Principle 4: Further Processing Limitations
Principle 5: Information Quality
Principle 6
Principle 7: Security Safeguards
Principle 8: Data Subject Participation

For more clarity on the 8 principles contact us!

What are the consequences of non-compliance?

Administrative Penalties – Fines of up to R10 million and/or 10 years in prison per incident.

Enforcement Notices – Stops businesses from processing any and all personal information.

Civil Actions – Data Subjects can sue for distress payouts and damages.

General Damages – Loss of Revenue due to loss of customers, brand damage and reputational harm.

Our Solution

POPIA compliance is a very daunting task; however, with our knowledge and expertise, we will create, train and implement the processes and controls to ensure your compliance. Our POPIA Compliance manual will implement measures to ensure that you only collect, use, store, delete and handle personal information in regulated ways and that it is adequately protected from unauthorized access, loss or damage.

Based on your unique requirements, we have various staged packages to address your privacy policy and data protection policy, which will be tailor-made to suit your business and your business requirements.


To find out more about what we can offer your business