You are currently viewing our desktop site, do you want to download our app instead?
Moneyweb Android App Moneyweb iOS App Moneyweb Mobile Web App

NEW SENS search and JSE share prices

More about the app

POPI comes into effect on 1 July 2021

Here is a practical guide to the most important aspects.
Image: Shutterstock

All businesses with employees, customers and suppliers must comply with POPI, which comes into effect on July 1, 2021. Here is a practical guide to the most important aspects:

With the commencement date of the Protection of Personal Information Act 4 of 2013 (POPI) of July 1, 2021 fast approaching, businesses should be reviewing their use of personal information to determine if it complies with the act. It is important to understand that any business that has employees, customers and suppliers must comply with POPI when dealing with personal information. Below are a few tips on ways businesses can kick-start their compliance exercise.

Moneyweb Insider INSIDERGOLD

Subscribe for full access to all our share and unit trust data tools, our award-winning articles, and support quality journalism in the process.

Choose an option:

R63 per month
R630 per year SAVE R126

You will be redirected to a checkout page.
To view all features and options, click here.

A monthly subscription is charged pro rata, based on the day of purchase. This is non-refundable and includes a R5 once-off sign-up fee.
A yearly subscription is refundable within 14 days of purchase and includes a 365-day membership.

Click here for more information.

Figure out what personal information you process and why

Under POPI, a business must be able to justify why it holds personal information based on one of the several justifications set out in POPI.  This is a good opportunity for a business to assess what information it collects (whether from employees, customers, services providers or other third parties such as credit bureaus) and review whether that information is actually necessary for the purposes for which it was collected.  In this regard, minimality is key – business should not collect more personal information than is required. Importantly, the term “personal information” is defined very broadly to mean any information that can be used to identify an individual person or another business entity.

Get rid of what you do not need

Under POPI, a business cannot keep a record of personal information once the reason for which it was collected no longer exists, unless required by law.  For example, unless required by law, a business should not keep personal information of any former supplier when the relationship has ended.  Businesses should therefore check whether they are holding onto any old records of personal information that they no longer need and dispose of them in a secure manner.  It is important to note that more data means more risk and it is best to purge what is not required.

Look at security

Correct management of personal information means appropriate security must be in place to protect it. POPI requires a business to put in place “appropriate, reasonable technical and organisational measures” to prevent loss, theft, or damage to personal information.  The suitability of security measures will depend on the business and the type of personal information it holds.


Opt-out marketing emails and SMSs are a thing of the past under POPI. Unless a person is an existing customer, a business cannot send him or her marketing emails or SMSs without first getting consent from the person. Any request for marketing consent must include language that is set out in Regulations to POPI. Businesses should therefore review their direct marketing practices.

Go for the easy wins

POPI compliance may seem like a daunting task but there are some “easy wins” when it comes to compliance. Basic documents used by the business will likely need updating for POPI compliance. These include company privacy policies and employee and supplier contracts. All these documents should aid the business in proving its compliance with POPI.

Wendy Tembedza from Webber Wentzel.


Sort by:
  • Oldest first
  • Newest first
  • Top voted

You must be signed in to comment.


A pet hate of mine is leaving my details on a clipboard at security/reception when entering a business as anyone can copy the details – i.e. the next visitor. Under POPI, I imagine this will be managed better?

Just change the last or two digits of your mobile number and sign in as Donald Duck! QED… Quack Easily Done.

I’ll use that Alias

Another piece of cumbersome legislation forced upon the 20% of law abiding citizens whilst the rest just do whatever they want. If I want to build a 1,5 m retainer wall I need to submit plans to city council and wait 3 months for approval. But if some guy wants to build his shack right next to the N2 he just does it. Dare to try and remove him and all he’ll will break lose.

The Zululand planning department sees the N2 as their personal and private domain where they can do all their traditional encamping and cattle farming. The N2 is ideal for a main street of a new settlement. They have recently built a large school that is alongside and accessed from the N2. The traffic is brought to a crawling pace because of the danger to children which has been intentionally created.
There is no regard for the importance and need for any National Highway, nor of the toll system where users must pay to be brought to a standstill by cattle, goats and children.
When are we ever going to be released from going backwards to satisfy the ignorant?

You are so angry.These are people that also have claim.Respect your fellow countryman’s cultures, they are more important that what you believe is convenient.You mentioned Zululand so are you must be referring to Zulu people bring ignorant?

Never by all accounts, as magashule, sums, nohouse with malema providing the racist vitriol and their ret thugs are planning a countrywide lockdown and molestation of the “rich” and a likely civil war to follow, so grazing on the freeways will wane into insignificance!

Wendy, thanks for this.A legal question please:what does POPI say about WASPS(wireless application service providers)? Will they too be forced to be compliant with POPI? If so, how.If not, why not?

Good question. We are plagued by these scamsters (WASPS) who simply activate their offerings on one’s phone and deduct cash from one’s cellphone account without one’s personal authorisation.

The “Poppie” law won’t work against a SARS investigation: you have provide what Revenue ask for…

I would love Moneyweb to do an article on what you can do to enforce a company to comply with POPI. I had an MTN contract many years ago. So 10 years later I twice (2020 and 2021) had persons using that old profile to fraudulently take out MTN contracts in my name. Same happened at FNB, 15 years after closing my accounts with them someone could just go into my old profile and open a credit card account in my name – this happened 2019 and again in March 2021.

So how do I get FNB and MTN to delete my old profiles from their systems?

This is why you do not need to worry about POPI at all: When SA was awarded the 2010 Soccer World Cup, FIFA insisted that SA create data privacy legislation since there would be international travellers who they insisted should be afforded adequate data privacy protection. In true ANC style, the POPI Bill was only published in 2013 (yes, 3 years late). It then only took the ANC another 8 years to get this piece of legislation effective (July 2021). If you think for one second that the ANC has the capacity (intellectual and financial) to police POPI, then you’re very optimistic.

End of comments.





Follow us:

Search Articles: Advanced Search
Click a Company: