The Protection of Personal Information Act (POPIA) will be in full force from 1 July 2021. The Act has far-reaching consequences for all organisations that work with the personal information of others, and the impacts of non-compliance can be severe.

What is Popia ?                                                   


The POPI Act is a new all-inclusive piece of legislation, a privacy law,  that safeguards the integrity and sensitivity of private information. Companies are required to carefully manage the data capture and storage process of Personal Information.

The definition of Personal Information as set out in the POPI Act is as follows:

‘‘personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

  1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth of the person.
  2. information relating to the education or the medical, financial, criminal or employment history of the person.
  3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other assignment to the person.
  4. the biometric information of the person.
  5. the personal opinions, views, or preferences of the person.
  6. correspondence sent by the person that is implicitly or explicitly of a private 15 or confidential nature or further correspondence that would reveal the contents of the original correspondence.
  7. the views or opinions of another individual about the person; and
  8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information 20 about the person.

The Act ensures that Personal Information of both individuals and juristic entities is sufficiently protected, used in a manner for which it was gathered and that facilitates transparency around the following:

  • What is done with the personal information.
  • Why and how it is processed (from collection, to usage, sharing, disposal, archiving, etc).
  • Who the personal information is shared with (third parties – both locally and internationally, other legal entities)
  • What types of personal information is processed and for what purpose.
  • Privacy is about ensuring that both individuals and juristic entities are aware of what is being done with their personal information. The South Africa Constitution emphasizes the right to privacy. This means that ultimate ownership of the personal information resides with the individual/juristic entity concerned.

What is the penalty for not being compliant ?

If you fail to comply with the POPI Act, whether intentional or accidental, you can be liable for an administrative fine of up to R10 million. If your clients are impacted by a data breach, POPIA even empowers them to take civil action for damages.

Vizi Solutions has been pro-active to get ourselves ready by 1 July 2021

Are you ready ?

Share on facebook
Share on linkedin

Leave a Reply