Protection of Personal Information Act no.4 of 2013 (POPI ACT)

The Act was signed into law in 2013 and finally came into full effect on 1 July 2021.

Does POPI apply to you?

Everyone is affected. Every single business will need to become compliant with this Act or face serious consequences. Every person and company is protected by this Act.

Why should you comply with POPI?

POPI is meant to create openness and increase customer confidence in the organisation. In order to comply with POPI, you just need to:

  1. Capture the minimum amount of required information, ensure it’s accurate and remove information that isn’t required.
  2. Identify the personal information and take appropriate measures to keep the information safe.

Responsible parties will have to take various steps to comply. For example:

  1. Appoint an Information Officer.
  2. Draft a Privacy Policy.
  3. Raise awareness amongst all employees.
  4. Amend contracts with operators.
  5. Report data breaches to the regulator and data subjects.
  6. Check that they can lawfully transfer personal information to other countries.
  7. Only share personal information when they are lawfully able to.

Who will be held accountable if they don’t comply with the Act?

The owner of the business will be held accountable according to the Act.

What are the Penalties for Non-compliance?

There are essentially two legal penalties or consequences for the responsible party:

  1. A fine of between R1 million and R10 million, or imprisonment of one to ten years.
  2. Paying compensation to data subjects for the damage they have suffered.