What is POPIA?

South Africa’s new data privacy framework is the Protection Of Personal Information Act. It establishes a minimal baseline for privacy regulation in all industries. It applies to those who are based in South Africa as well as those who are only processing data there. POPIA regulates the “processing” of personal information and applies to everyone in South Africa who retains any type of record relating to anyone’s personal information. Collecting, receiving, recording, organizing, retrieving, or utilizing personal data; or disseminating, distributing, or making such personal data available are all examples of processing personal data.

What are the requirements for compliance with POPIA?

In order to comply with POPIA, a company or organization must:

  • Appoint an Information Officer to be responsible for POPIA compliance. When data subjects or the Information Regulator make privacy requests to the organization, the Information Officer responds to them. Organizations must ensure data subjects have a clear channel to access and make requests regarding their Personal Information.
  • Define a lawful basis for processing and handling Personal Information that is relevant and not excessive to the purpose. Document all processing activities. Have all necessary security controls in place, especially for cross-border transfer.
  • In the case of a security compromise, organizations will need to be transparent and notify the relevant data subjects and the Information Regulator as soon as is reasonably possible and take steps to mitigate any adverse consequences.

Why should you be POPIA compliant?

Data privacy has always been important and POPIA is ensuring the protection of personal information and identity in South Africa. Compliance with POPIA enables people to engage with businesses and organizations safely, and increases trust. Abiding by data privacy laws is also a preemptive step to protect data from potential threats. Failure to comply with POPIA may result in hefty fines of up to 10 million Rand and possible prison time, depending on the severity of the instance.

How do you achieve compliance with POPIA?

The first step to achieve POPIA compliance is to appoint an Information Officer and conduct a personal information impact assessment. The Centraleyes platform can jump-start your company’s compliance with POPIA and automate all of the manual work around data collection, analysis and remediation. Our questionnaires cover all areas of POPIA compliance and can be the basis of your personal information impact assessment. Our remediation center will clearly display where to focus your efforts and the steps to full compliance. Centraleyes will keep your information organized and can generate advanced reports, easily accessible when needed for the Information Regulator or data subjects. You can analyze and visualize your progress with the touch of a button, gaining an unparalleled view of your risk and compliance levels with insights and actionable outputs. 

Read more about POPIA:

Start implementing POPIA in your organization for free

Related Content


What is the Virginia Consumer Data Protection Act? Gov. Ralph Northam, a Democrat from Virginia, signed…

Personal Information Privacy Law (PIPL) of China

What is PIPL? Personal Information Privacy Law (PIPL) is the new Chinese data privacy law that…

Nevada Privacy Law

What is the Nevada privacy law? The Nevada Revised Statutes on Security and Privacy of Personal…
Skip to content