The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the EU GDPR. All businesses with employees, customers and suppliers must comply with the Protection of Personal Information Act (often called the POPI Act or POPIA) which comes into effect on 1 July 2021.
It sets some conditions for responsible parties (called controllers in other jurisdictions) to lawfully process the personal information of data subjects (both natural and juristic persons). The POPI Act does not stop you from processing and does not require you to get consent from data subjects to process their personal information. Whoever decides why and how to process personal information is responsible for complying with the conditions. There are eight general conditions and three extra conditions. The responsible party is also responsible for a failure by their operators (those who process for them) to meet the conditions.
Under POPI, a business must be able to justify why it holds personal information on the basis of one of the several justifications set out in POPI. This is a good opportunity for a business to assess what information it collects (whether from employees, customers, service providers or other third parties such as credit bureaus) and to review whether that information is actually necessary for the purposes for which it was collected.
The purpose of this legislation is to protect the personal information of citizens that is obtained and processed by both public and private institutions; it also attempts to balance the right to privacy with other rights, such as access to information. The POPI Act is important because it protects data subjects from harm, such as identity theft and discrimination.
The POPI Act applies to every business in South Africa (even international companies that do business in South Africa) that collects, uses, stores or destroys personal information from a data subject (the natural or legal entity to whom the information belongs), whether or not such processing is automatic.
What are the obligations of businesses under the POPI Act?
Some of the obligations include:
- To only collect information for a specific purpose;
- to ensure that the information is relevant and up to date;
- to have reasonable security measures in place to protect the information;
- to only keep the necessary information; and
- to allow the data subject to obtain or view his or her information on request.