Do You Comply with the PoPI Act?

Most companies are aware that the PoPI Act is around the corner. The purpose of this act is to ensure South African companies and institutions take care of client personal information. The act forces companies to be responsible when they collect, manage, process, share or even store your personal information. The act holds the receiving entity accountable for any compromise, abuse or even breach of personal information. In short, the act considers your personal information to be “precious goods.” With the rise of identity theft in South Africa, we believe the act is a necessity.

Unfortunately, in most cases, simply receiving sensitive data from your client via email will not be considered sufficient protection. There is not a lot of security in traditional email transmission. The act requires all entities to take care, as far as is reasonable, to ensure the protection of their clients. The good news is we considered the act when we designed our system.

Some of the important points regarding PoPI compliance you need to know:

  1. You need to ensure you actively safeguard your client’s personal information
  2. You need to encrypt data where possible, during transmission and storage
  3. You need to get nothing but the relevant information from your client
  4. You need to store data in a responsible manner
  5. You need to explain what the data will be used for
  6. You need to share information responsibly within your company
  7. You need to ensure data is password protected
  8. You need to make the information accessible to your client on demand
  9. You need to ensure that only relevant parties have access to information
  10. You need to have unique identifiers for data subjects
  11. You need to dispose of information once the purpose has been concluded

With the above said, our software was designed with PoPI in mind. This is just one of many benefits of using our service. We cover all the above requirements with our software. We use state-of-the-art encryption with all our data transmissions. All our accounts are password protected and stored in a safe and secure cloud. Your client can see exactly what documents you have in your possession. You can even explain in the file description what you intend to do with the specified file. Our system is a great solution to PoPI. Using our service is the first step to ensuring your clients are protected.


Examples of “personal information” include:

  • Identity documents and even numbers
  • Telephone numbers
  • Email addresses
  • Date of birth and even age
  • Physical address
  • Employment history
  • Pay slips and any other salary information
  • Photos, voice recordings, video footage, etc.
  • Marital/Relationship status and Family relations
  • Gender, Race and Ethnic origin
  • Private correspondence
  • Religious or philosophical beliefs
  • Any Financial information, etc.

In most cases, companies who transmit client documents online will have to be PoPI compliant. It’s not just the big corporations who have to comply. Simple mom and pop operations will have to take the same care of personal information.

FAQ About the PoPI Act

Below are some questions and basic answers regarding the PoPI act.

  1. What if I do not comply?

There are severe repercussions if you do not comply with the act. Non-compliance could expose the responsible party to a fine of R10 Million and/or imprisonment of up to 10 years.

  2. Is there a grace period once the act comes into place?

Yes, once the act comes into force, companies will have 365 days to comply. However, we strongly suggest you get everything in place as soon as possible. Although technology can solve a lot of the requirements, some procedures will be more difficult to resolve and bring into compliance. You need to educate your staff and make sure all your other processes comply.

  3. What about data stored before the act comes into force?

Responsible entities will have to ensure all data is protected, even if received before the act came into force. In short, you will have to protect future and historic data and treat both with the same respect.

  4. Why should I comply with the act?

There are too many reasons to mention them all. Firstly, it builds customer confidence; secondly, it improves reliability in your company; and lastly, it reduces the risk of breach or compromise. At the end of the day, you are protecting your customer and yourself.

  5. Who is affected by this legislation?

The answer is very simple – everybody. Every business will have to comply. It is the responsibility of the entity to make sure they align themselves with the requirements of the act, or face the consequences.