There’s no ‘one size fits all’ solution to PoPIA compliance

Issue 6 2022 Security Services & Risk Management

Simeon Tassev.

The Protection of Personal Information Act (PoPIA) applies to all businesses in South Africa. However, while it is universally applicable, it is also open to interpretation, and the way in which it applies may differ depending on the nature of a business and the type of information it uses. There is no product or solution that you can buy off the shelf to deliver PoPIA compliance, and no ‘one size fits all’ template that can be applied, which makes it more important than ever to work with the right partners.

Are you ready?

Being PoPIA compliant is a complex exercise, and it is essential to start from the beginning with assessments of various environments, including PoPIA readiness and the cybersecurity landscape. Basically, you need to know where you are, otherwise you will have no idea how ready your business is for PoPIA compliance.

The foundation of this is an understanding of data, data flows and processes, and how these relate to PoPIA and other applicable data protection legislation. Then, businesses can focus their efforts on the data that relates to PoPIA and develop an appropriate framework and approach for elements like data protection, storage and management.

Mind the gaps

On the journey to PoPIA compliance, it is also essential to identify any potential issues in the landscape and data flows. A gap register is an essential element of this process as it will help to document these issues, outline any holes in the compliance strategy, and provide a base from which to work on improving compliance.

While PoPIA is open to interpretation in many areas, there are some very specific requirements that need to be in place, and if they are not, then this is a gap that must be addressed. For example, it is essential to have a way for people to unsubscribe from communications, and a process in place for people to request that their information be removed.

You cannot plead ignorance

While many areas of the Act are not well defined, PoPIA specifically states that ignorance is not considered a defence, but if you are not aware of a problem then you cannot fix it. Businesses need to perform appropriate assessments to form a benchmark of their compliance status, and then work toward addressing any problems, issues or gaps in their processes and practices.

This is an ongoing process as businesses, systems, processes and data are continually evolving, and a cybersecurity and compliance strategy should do the same. After the initial readiness assessments are performed, an annual assessment should be put into place to ensure that security and compliance status are maintained in line with both the generic requirements of PoPIA and areas specific to your business.

Compliance and security go hand in hand, and both need to be up to the right standard to ensure that they are aligned with the legal requirements and risk appetite of the business. However, what compliance looks like differs from business to business and you cannot simply buy a solution to fix the problem. Finding the right partner on this journey is essential to assessing compliance readiness, identifying and closing gaps, and continuing on the journey of compliance for the long term.

For more information contact Galix, 0861 242 549,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Convergence of cyber and physical security
Integrated Solutions Security Services & Risk Management
The overlap between cybersecurity and physical security will necessitate the integration of cyber and physical security in order to enable the sharing of events to the same security operations centre.

Reduce electrical risks in commercial and industrial buildings
Security Services & Risk Management
Eaton’s new whitepaper aims to help professionals reduce electrical risks in commercial and industrial buildings and prevent faults that can endanger workers, damage property and disrupt business continuity.

Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.

Technology to thwart solar panel thieves
Asset Management, EAS, RFID Security Services & Risk Management Products
A highly efficient industrial network is coming to the rescue of the solar industry, as solar panels, inverters and batteries are being targeted by thieves and threaten to destabilise the industry.

Banking the unbanked comes with security risks
Financial (Industry) Security Services & Risk Management
As grim as it was, the pandemic of recent years and its resultant global economic crisis were a prime catalyst for record number of first-time bank users, the previously unbanked.

Security is like infinity
Alwinco Security Services & Risk Management
Security needs constant attention, dedication and input. The scary thing is that most people think that security is something that you buy, install, and then forget about.

Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack

SAFPS to launch a platform to combat fraud
Editor's Choice News Security Services & Risk Management
In response to the growing need for a proactive approach to fraud prevention, the SAFPS is developing a product called Yima, which will be a one-stop-shop for South Africans to report scams, secure their identity, and scan any website for vulnerabilities.