Are you looking for a POPI Act summary to help your POPI compliance process? It is a complex law that is difficult to summarise. It has a broad impact on many entities and industries. The impact also differs from one organisation to the next, so summarising it for your organisation is no easy task.

Our short POPI Act Summary

The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the EU GDPR. It sets some conditions for responsible parties (called controllers in other jurisdictions) to lawfully process the personal information of data subjects (both natural and juristic persons). The POPI Act does not stop you from processing and does not require you to get consent from data subjects to process their personal information. Whoever decides why and how to process personal information is responsible for complying with the conditions. There are eight general conditions and three extra conditions. The responsible party is also responsible for a failure by their operators (those who process for them) to meet the conditions.

The POPI Act is important because it protects data subjects from harm, like theft and discrimination. The risks of non-compliance include reputational damage, fines and imprisonment, and paying out damages claims to data subjects. The biggest risk, after reputational damage, is a fine for failing to protect account numbers.

The biggest impact is on organisations that process lots of personal information, especially special personal information, children’s information, and account numbers. The most affected industries are financial services, healthcare, and marketing.

For a visual summary, we’ve created a plain language POPI Act infographic. It helps you visualise and understand the key aspects of the Act, and see its definitions, subtle differences, and conditions. Get it here.


What is the POPI Act timeline?

The POPI Act commenced on 1 July 2020 and gave you a 12-month grace period to get your organisation POPI compliant by the POPIA deadline of 1 July 2021. POPIA is regulated by a new Information Regulator, while within your organisation your Information Officer is the key person to ensure compliance.

POPI Act Summary for Executives

If you’re looking for a POPI Act summary to give your board or governing body, we can help you to prepare a short handout and even present the executive briefing.

Need assistance with POPI compliance?

We are currently helping hundreds of organisations comply with the POPI Act.

What are your next steps?

The POPI commencement date was 1 July 2020, which means the deadline for organisations to comply was 1 July 2021. Use our infographic to work out what your next steps should be.
