search icon

What is POPIA?

It is the Protection of Personal Information Act, a law passed by the South African parliament, which sets the conditions that you must follow to lawfully process the personal information about persons.

“To promote the protection of personal information processed by public and private bodies; to introduce certain conditions so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000; to provide for the issuing of codes of conduct; to provide for the rights of persons regarding unsolicited electronic communications and automated decision making; to regulate the flow of personal information across the borders of the Republic; and to provide for matters connected therewith.”

Everyone in South African has to try to protect the personal information they process. POPIA sets conditions that any person who processes personal information must comply with. POPIA aims to protect the personal information of people (like consumers and employees) so that they do not become victims of things like identity theft, which can have very serious consequences. However, POPIA does not aim to stop the free flow of information. It recognises that there needs to be a balance.

Key points and possible actions:
Be responsible when processing personal information
Take practical effective steps to protect it whenever possible

 

Why did POPIA come into existence?

POPIA protects people from harm (both physical and loss of money) by requiring those who process our personal information to protect it. For this reason alone, POPIA is important.

The protection of personal information is definitely needed now, more than ever. With the rise of computing power and devices like tablets and smart watches, personal information is at greater risk than ever before. POPIA will enable personal information to be transferred to South Africa, which will bring economic benefits for the country.

 

Does POPIA apply to everybody?

Yes, virtually everybody*. POPIA applies to everybody who processes personal information. It applies to all public and private bodies. Process is defined extremely broadly. In terms of POPIA processing means any operation or activity (either automated or not) that involves the collection, receipt, recording, organisation, collation, storage, updating, retrieval, dissemination, distribution, merging and degradation or erasing of data.

* Check POPIA for those exempted from its application

Key points and possible actions:
POPIA applies to virtually everybody
POPIA has a big impact on anybody in the financial services, healthcare or marketing sectors

 

Click here to see our POPIA plain language guide

For more information, link to the Information Regulator of South Africa website : https://www.justice.gov.za/inforeg/

 

Learn more about POPIA

 

Sage POPIA resources

 

Sage POPIA legal disclaimer

  • The information contained on this website is for general guidance purposes only. It should not be taken for, nor is it intended as, legal advice.
  • We would like to stress that there is no substitute for customers making their own detailed investigations or seeking their own professional advice if they are unsure about the implications of the POPIA on their businesses.
  • We would like to stress that there is no substitute for customers conducting their own detailed investigations or seeking their own professional advice if they are unsure of the implications of POPIA on their businesses.
  • Sage will not accept any liability for errors or omissions and will not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise, from the use of or reliance on this information or from any action or decisions taken as a result of using this information.