Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Insights into PoPIA compliance

Issue 3 2021 Security Services & Risk Management

By now everyone knows PoPIA (The Protection of Personal Information Act) becomes a reality on 1 July 2021 and there will be no extensions. For those who may not have prepared or even know what they need to be doing, Hi-Tech Security Solutions asked Carrie Peter, solution owner at Impression Signatures for a few insights on what this piece of legislation means in the real world.

Hi-Tech Security Solutions: What are the realities when it comes to PoPIA compliance? Do companies have to reinvent the wheel to be compliant?

Carrie Peter: In some cases they will have to reinvent the wheel, but that will be dependent on their internal security and privacy controls. From something as simple as a customer completed form, to far more complex systems that hold deeply private data such as medical records, minimalism and privacy needs to be baked in. The extent to which a company will have to reinvent the wheel will depend on where the company is at starting position.


Carrie Peter.

Due to safety and privacy issues, many organisations may already be in a position where they have been complying to regulations, such as informing the customer of the reason for retaining information. For these organisations, compliance may just involve slight adjustments in protocol. For other organisations, compliance may entail more extensive steps and re-configurations.

Hi-Tech Security Solutions: Apart from the threats of jail for directors, what are the real risks of non-compliance (from legal and other perspectives)?

Carrie Peter In addition to potential imprisonment, non-compliance may lead to heavy fines. Section 107 of the Act states: “For the more serious offences the maximum penalties are a R10 million fine or imprisonment for a period not exceeding 10 years or to both a fine and such imprisonment. For the less serious offences, for example, hindering an official in the execution of a search and seizure warrant, the maximum penalty would be a fine or imprisonment for a period not exceeding 12 months, or to both a fine and such imprisonment.”

Further to this, the costs that can be caused by data breaches and security issues can make the fines seem light. Reputational damage, productivity losses and data losses can cause millions of rands in damage. Responding to a minor cyber incident can cost millions of rands. Organisations that do not comply also run the risk of losing the confidence of their customers and clients, since the Act has been instated to protect the privacy and confidentiality of their information, this loss of trust can potentially result in a downturn in business.

Hi-Tech Security Solutions: What should companies be ready for in terms of people asking what private information the organisations hold for them? Can an individual insist a company provides and then deletes all info they have on them? How long does a company have to supply/delete such personal information?

Carrie Peter: According to the Act, the data subject must be informed about the reason for the information requested. The organisation also has to inform the data subject about and gain permission for, the sharing of that personal information to any additional third parties. The data subject has the right to request the reason for personal information obtained at any time.

The data subject also has the right to request what information an organisation has about the subject and to order the deletion of that information. The organisation must comply and the information must be deleted immediately upon request without any penalties, conditions or fines to the data subject.

Hi-Tech Security Solutions: With 1 July looming, what are your top three tips for companies to ensure they are compliant or will be compliant?

Carrie Peter: My suggestions are:

1. Understand what private data you hold and what private data you need to hold – gather and hold only what you need.

2. Understand consent – it is fine to gather and hold data if you have consent to do so. Make sure that all data obtained has the consent of the data subject.

3. Trust no one – develop a risk management and mitigation programme and regularly assess your day-to-day practices against this. Keep record of compliance measures at all times.

For more information go to www.impression-signatures.com


Credit(s)

Tel: +27 11 543 5800
Email: malckey@technews.co.za
www: www.technews.co.za
Articles: More information and articles about Technews Publishing



Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

From the editor's desk: It’s all about data
Technews Publishing News & Events
      Welcome to the SMART Access and Identity Handbook 2026. We have slightly changed the handbook this year, specifically the selection guides, but there is still a lot of industry information inside, and ...

Read more...
Access trends for 2026
Technews Publishing SMART Security Solutions RR Electronic Security Solutions Enkulu Technologies IDEMIA neaMetrics Editor's Choice Access Control & Identity Management Infrastructure
The access control and identity management industry has been the cornerstone of organisations of all sizes for decades. SMART Security Solutions asked local integrators and distributors about the primary trends in the access and identity market for 2026.

Read more...
Beyond the fence
Technews Publishing Fang Fences & Guards SMART Security Solutions Perimeter Security, Alarms & Intruder Detection Access Control & Identity Management
In a threat landscape characterised by sophisticated syndicates, harsh environmental conditions, and unstable power grids, a static barrier is no longer a defence; it is merely a brief delay.

Read more...
Zero Trust access control
Technews Publishing SMART Security Solutions CASA Software NEC XON Editor's Choice Access Control & Identity Management Information Security
Zero Trust Architecture enforces the rule of ‘never trust, always verify’. It changes an organisation’s security posture by assuming that threats exist both inside and outside the perimeter, and it applies to information and physical security.

Read more...
Holding all the cards
neaMetrics Suprema SMART Security Solutions Technews Publishing Access Control & Identity Management
After so many years of offering alternatives to card technology for access control, one could be forgiven for assuming we are all using biometrics or mobile credentials for all our physical and digital access requirements.

Read more...
From digital transformation to digital sovereignty
Security Services & Risk Management IoT & Automation
As cyberthreats grow, data regulations tighten, and AI becomes central to economic competitiveness, countries are recognising the need to control and protect their own digital assets.

Read more...
The age of Lean 4.0: Orchestrating intelligence and efficiency
Security Services & Risk Management
The convergence of Lean principles and AI (what we now call Lean 4.0) is no longer a theoretical exercise; it is the defining operational paradigm for survival and growth in a complex, data-intensive economy.

Read more...
Risks of open-source intelligence escalating in crime
Security Services & Risk Management Residential Estate (Industry) Smart Home Automation
CMS estimates that open-source intelligence has played a role in 20 - 30% of robberies over the past 12 months. In cybercrime, global research consistently shows that many offences rely on some form of open-source data exploitation.

Read more...
Seeing is no longer believing
Security Services & Risk Management
Fraud has shifted. It is no longer just about financial theft; it is about identity theft in the most visceral sense. The most effective control is often completely non-technical: the ‘pause and verify’ rule.

Read more...
The year of machine deception
Security Services & Risk Management AI & Data Analytics
The AU10TIX Global Fraud Report, Signals for 2026, warns of the looming agentic AI and quantum risk, leading to a surge in adaptive, self-learning fraud, and outlines how early warning systems are fighting back.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.