PoPI Act Top 5

  1. The PoPI act was passed in 2013. It’s purpose is to establish the minimum requirements on how public and private bodies process and use personal information.
  2. PoPI was created in line with the South African Constitutional Right to privacy and global data privacy regulations.
  3. The act is expected to fully commence by the end of 2019.
  4. In a nutshell, if you use social media or online advertising tools for your business you need to comply with PoPI.
  5. At a maximum, failure to comply with PoPI could result in a fine or jail sentence.


It has been six years since the Protection of Personal Information Act (PoPI) was passed. Since then, a number of regulatory processes have had to happen before PoPI can be enforced.

The general consensus is that full enforcement of the act will commence before the end of 2019. Once that happens all businesses will have two years to become fully compliant or face serious penalties.

Therefore, the big question is, are you and your company ready? Here are the top things you need to know about PoPI and its effect on your business.

What is PoPI?

The Constitutional right to privacy is the main foundation of the PoPI Act. It specifically deals with how public and private entities use and process your information. Personal information includes your name, surname, age, gender, race, ID number, personal beliefs, medical history, salary and contact information.

An independent regulator will ensure PoPI’s minimum requirements are being met by the responsible parties i.e your business.

Why is it Important for people?

The way we live is becoming more digital. Our personal information is no longer only in our ID Books and papers kept in a safe. Our core communication, banking and shopping can now be done on digital platforms. Therefore, as individuals it is important that our personal information is protected by law.

Above privacy issues, PoPI also helps protect us from cybercrime and unsolicited communication via email, telephone or text.

Why is it important for business?

When it comes to business, the PoPI act is in line with the introduction of data protection laws globally. Similarly, Europe have the General Data Protection Regulation (GDPR) which has been in effect since May 2018.

This act may also affect you should you deal with customers who live in the EU. Major corporations such as Google are currently facing fines of 50-million Euros for not complying with the GDPR.

Additionally, following data protection laws ensures that your business remains trustworthy in the eyes of customers and business partners. This trust will be built on the fact that they know their information will be kept safe if they give it to you. Failure to comply could lead to a loss of reputation, which can have direct implications on your success. Local and global business opportunities could also be affected as complying businesses will be less likely to partner with non-compliant businesses.

How do I know if I have personal information?

If you engage with your customers through a social media page or use online advertising tools you most likely have people’s information. Advertising tools include Google Analytics, Adwords, social media advertising and sending email newsletters. If you have any kind of client database (digital or physical) PoPI is relevant to you.

What happens if my business does not comply?

Depending on the degree to which you don’t comply, a fine, a jail sentence or both can be issued. The maximum fine for offences against the PoPI Regulator is set at R10-million. The maximum jail sentence is set at 10 years.

The road to PoPI being enforced does seem to be taking longer than expected. The fact is that it will eventually become a reality with real consequences for your business. It is best to be prepared rather than lagging behind. As a responsible business owner, you need to ensure your company is following the law. Doing so will protect both your client’s privacy and your company’s ability to do business in the digital world.