PoPIA is imminent, are you ready?

Issue 9 2020 Security Services & Risk Management

After nearly a decade of ‘it’s nearly here’ the Protection of Personal Information Act’s (PoPIA) arrival is genuinely imminent. Compliance with the Act is viewed as being expensive, intimidating, and confusing – leaving many businesses of all sizes unsure of how to approach the challenge. Small businesses may become daunted by the apparent cost of compliance. The real question is, can any business afford non-compliance?


Carrie Peter.

PoPIA is designed to protect personal information processed by public and private bodies. ‘Personal information’ is that data which alone, or in combination, allows a person to be uniquely identified, and any information that may tell the reader something about someone. The Act came into effect on 1 July 2020, with a 12-month grace period. From 1 July 2021, non-compliance will come with substantial penalties, including: a fine or imprisonment of between R1 million and R10 million, or one to 10 years in jail; and financial compensation for damages suffered by data subjects.

In a world that has already been forced to digitalise faster than ever before, concentrating on another area of restructuring may appear overwhelming. For this reason, local provider of e-signature solutions in South Africa, Impression Signatures, has embarked on a campaign to demystify PoPIA, making reliable information available to businesses of all sizes, at no cost. This campaign drives compliance by explaining not only why it’s important, but the terms, requirements, and obligations created by the Act too.

PoPIA is quite clear, the burden of proof that consent was obtained rests with the ‘responsible party’, the entity or person responsible for gathering the information. This means that it is up to the business to prove that they got consent from the customer, and not the customer’s responsibility to prove that they gave consent. It is expensive because systems that were not planned or designed with privacy in mind struggle to retrofit changes into legacy models and processes. In some cases, everything needs to be re-engineered.

If the data is retained for any reason it must be safeguarded. This includes securing storage of this data so that unauthorised third parties do not have access to this data, and that people within the organisation who are not part of the legitimate processing of that data do not have access either. These data management activities should also be provable, so a company should be able to prove that customer data is safe.

“Accessibility is key, and many small businesses simply cannot afford expensive lawyers, consultants, or data consulting experts to help them re-engineer their processes. We place a large focus on accessibility. It’s why our software runs on USSD – because we understand that not everyone has a smartphone, and that shouldn’t preclude them from participating in the local (or global) economy,” confirms Carrie Peter, solution owner at Impression Signatures.

Peter confirms that, much like the General Data Protection Regulation (GDPR), PoPIA comprises three main principles: who can have access to data, what data can they have access to, and how can they use this data? The Impression PoPIA Campaign seeks to explain the definitions in a more palatable format, while giving businesses confidence in their approach to compliance.

With this information at hand, organisations are empowered to take a risk-based approach to compliance. “Operating in accordance with the Act must be accessible to all. The focus should be on affordable solutions, and reliable guidance that helps businesses embrace a cost-based, business-centric approach to applying PoPIA. Businesses must understand their appetite for risk, and the level of data security that each individual contract requires,” concludes Peter.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Identity recovery matters most
Security Services & Risk Management
As cyberattacks grow more targeted, more destructive, and increasingly aimed at the very fabric of trust within the enterprise, the ability to restore identities has become just as critical as restoring data.

Read more...
ISO 27701 helps demonstrate privacy compliance beyond POPIA
Security Services & Risk Management
ISO 27701 include privacy-specific controls and provides a structured way to manage Personally Identifiable Information (PII) throughout its lifecycle, giving organisations a way to demonstrate how privacy is managed.

Read more...
Echoes of 2018? Follow-up on Woolworths explosions
Technews Publishing News & Events Security Services & Risk Management Retail (Industry) Facilities & Building Management
SMART Security Solutions follows up with Jimmy Roodt to find out more about an old connection to the Woolworths bombings from 2018. The investigation remains ongoing.

Read more...
Increase in cyberattacks on the manufacturing sector
Security Services & Risk Management News & Events Industrial (Industry)
According to a new Kaspersky ICS CERT report, in the first quarter of 2026, the percentage of industrial control systems (ICS) on which malicious objects were blocked reached 19,6% globally.

Read more...
Next-generation cash-in-transit vehicle
News & Events Security Services & Risk Management
Fidelity Services Group has unveiled a new, purpose-engineered Cash-in-Transit (CIT) vehicle designed to redefine crew protection, deter threats, and enhance operational resilience in an increasingly complex criminal environment.

Read more...
The risk at the edge of South Africa’s agriculture supply chain
Security Services & Risk Management Agriculture (Industry) Logistics (Industry)
Research from ESET has found that a significant number of South African agritech operators and farmers continue to believe their companies are not attractive targets for cybercriminals. Unfortunately, that belief is precisely what makes them one.

Read more...
AURA partners with Discovery to launch Discovery 911
News & Events Security Services & Risk Management
AURA has announced a partnership with Discovery Insure to power the security-response component of its new Discovery 911 virtual panic-button offering, which is available through the Discovery Insure app.

Read more...
Break the silence on fraud
Security Services & Risk Management
We are entering a new era of fraud, one defined by groups that operate across borders, using advanced digital tools and impersonation tactics to deceive victims and wear down communities' trust and financial security.

Read more...
Africa’s white-collar crime landscape
Security Services & Risk Management
White-collar crime in Africa is no longer a predominantly domestic concern; it has expanded onto the international stage, and so too has the corporate exposure that accompanies it.

Read more...
Global security in 2026
Editor's Choice News & Events Security Services & Risk Management Industrial (Industry) Mining (Industry)
The World Security Report 2026 states: “In a world of increasing volatility, physical security has evolved. It is no longer just a defensive measure; it is a critical driver of corporate value.”

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.