What is POPIA?

The POPI Act is a new all-inclusive piece of legislation that safeguards the integrity and sensitivity of private information. Companies are required to carefully manage the data capture and storage process of Personal Information within the lawful framework as set out in the Act.

POPIA stands for the Protection of Personal Information Act, Act No. 4 of 2013 or POPI Act. This is the new law and is something that most (if not all organisations) will need to follow.

  • “personal information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
  • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  • information relating to the education or the medical, financial, criminal or employment history of the person;
  • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  • the biometric information of the person;
  • the personal opinions, views or preferences of the person;
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  • the views or opinions of another individual about the person.

How Does POPIA Affect Your Business?

One of the key aspects of any privacy law, and POPIA in particular, is that it describes the conditions for lawful processing. In other words, the conditions that need to be met if you are to manage personal information correctly. Meeting these conditions is mandatory if the organisation is seeking compliance to POPIA.

POPIA applies to any processing (collection, recording, organising, sharing, using, storing etc.) of personal information by a responsible party (website, company or organisation) located in South Africa or outside if they use means to process in South Africa.

If your website, company or organisation is located in South Africa and you process personal information, you’re automatically obligated to comply with POPIA.


Related products and solutions

Is this region a better fit for you?
Go
close icon