There’s no ‘one size fits all’ solution to PoPIA compliance

Issue 6 2022 Security Services & Risk Management


Simeon Tassev.

The Protection of Personal Information Act (PoPIA) applies to all businesses in South Africa. However, while it is universally applicable, it is also open to interpretation, and the way in which it applies may differ depending on the nature of a business and the type of information it uses. There is no product or solution that you can buy off the shelf to deliver PoPIA compliance, and no ‘one size fits all’ template that can be applied, which makes it more important than ever to work with the right partners.

Are you ready?

Being PoPIA compliant is a complex exercise, and it is essential to start from the beginning with assessments of various environments, including PoPIA readiness and the cybersecurity landscape. Basically, you need to know where you are, otherwise you will have no idea how ready your business is for PoPIA compliance.

The foundation of this is an understanding of data, data flows and processes, and how these relate to PoPIA and other applicable data protection legislation. Then, businesses can focus their efforts on the data that relates to PoPIA and develop an appropriate framework and approach for elements like data protection, storage and management.

Mind the gaps

On the journey to PoPIA compliance, it is also essential to identify any potential issues in the landscape and data flows. A gap register is an essential element of this process as it will help to document these issues, outline any holes in the compliance strategy, and provide a base from which to work on improving compliance.

While PoPIA is open to interpretation in many areas, there are some very specific requirements that need to be in place, and if they are not, then this is a gap that must be addressed. For example, it is essential to have a way for people to unsubscribe from communications, and a process in place for people to request that their information be removed.

You cannot plead ignorance

While many areas of the Act are not well defined, PoPIA specifically states that ignorance is not considered a defence, but if you are not aware of a problem then you cannot fix it. Businesses need to perform appropriate assessments to form a benchmark of their compliance status, and then work toward addressing any problems, issues or gaps in their processes and practices.

This is an ongoing process as businesses, systems, processes and data are continually evolving, and a cybersecurity and compliance strategy should do the same. After the initial readiness assessments are performed, an annual assessment should be put into place to ensure that security and compliance status are maintained in line with both the generic requirements of PoPIA and areas specific to your business.

Compliance and security go hand in hand, and both need to be up to the right standard to ensure that they are aligned with the legal requirements and risk appetite of the business. However, what compliance looks like differs from business to business and you cannot simply buy a solution to fix the problem. Finding the right partner on this journey is essential to assessing compliance readiness, identifying and closing gaps, and continuing on the journey of compliance for the long term.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

ArxTech: Over 30 years of evolving security solutions for South Africa’s toughest challenges
Security Services & Risk Management Integrated Solutions
[Sponsored] For over 30 years, a Centurion-based company has helped shape how security technology is designed, deployed, and supported in South Africa. Originally known as CellSecure, it now operates as ArxTech.

Read more...
Don’t Miss the Exclusive Launch of the AirXpress 3 SCBA
Security Services & Risk Management
Be the first to experience the all-new AirXpress 3 Self-Contained Breathing Apparatus (SCBA), designed and manufactured by MSA, and brought to you by PSA Africa.

Read more...
Transform WhatsApp chaos into real-time security intelligence
Security Services & Risk Management
The HYDRA AI security intelligence software plugs into existing guard chat groups to automatically convert voice notes, photos, and texts into structured, real-time security data and insights.

Read more...
SABRIC Annual Crime Statistics 2024
News & Events Security Services & Risk Management Residential Estate (Industry)
SABRIC has released its Annual Crime Statistics for 2024, reflecting a significant decline in financial crime losses, but also warning of the growing threat posed by artificial intelligence (AI) in fraud schemes.

Read more...
Health, safety, and environmental eLearning
Training & Education Security Services & Risk Management
SHEilds is a global leader in health, safety, and environmental eLearning, delivering internationally recognised qualifications such as NEBOSH, IOSH, IEMA, and ProQual NVQs.

Read more...
See crime stopped in seconds
Products & Solutions Security Services & Risk Management
Fog Bandit, a leader in security fog, is bringing its instant crime-stopping technology to Securex Cape Town 2025. Experience the innovation trusted worldwide to protect retailers, warehouses, and high-value sites.

Read more...
SA’s private security industry receives multi-million USD investment
News & Events Security Services & Risk Management
South Africa's private security sector has attracted significant international attention, with the world’s largest tactical flashlight manufacturer, Nextorch, announcing a major investment in its local operations, Nextorch Africa.

Read more...
Vetting people in security estates
iFacts Security Services & Risk Management Residential Estate (Industry)
In today’s security-conscious South Africa, estate management’s responsibility extends beyond gates and patrols; it involves ensuring that every resident, staff member, and service provider upholds the community’s safety standards.

Read more...
View from the trenches
Technews Publishing SMART Security Solutions Editor's Choice Integrated Solutions Security Services & Risk Management Residential Estate (Industry)
There are many great options available to estates for effectively managing their security and operations, but those in the trenches are often limited by body corporate/HOA budget restrictions and misunderstandings.

Read more...
IVA AI Pro Visual Gun Detection
Products & Solutions Surveillance Security Services & Risk Management Residential Estate (Industry)
Bosch has announced the launch of the IVA AI Pro Visual Gun Detection analytics based on deep learning. It is designed for automatic detection and classification of people and brandished firearms.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.