There’s no ‘one size fits all’ solution to PoPIA compliance

Issue 6 2022 Security Services & Risk Management


Simeon Tassev.

The Protection of Personal Information Act (PoPIA) applies to all businesses in South Africa. However, while it is universally applicable, it is also open to interpretation, and the way in which it applies may differ depending on the nature of a business and the type of information it uses. There is no product or solution that you can buy off the shelf to deliver PoPIA compliance, and no ‘one size fits all’ template that can be applied, which makes it more important than ever to work with the right partners.

Are you ready?

Being PoPIA compliant is a complex exercise, and it is essential to start from the beginning with assessments of various environments, including PoPIA readiness and the cybersecurity landscape. Basically, you need to know where you are, otherwise you will have no idea how ready your business is for PoPIA compliance.

The foundation of this is an understanding of data, data flows and processes, and how these relate to PoPIA and other applicable data protection legislation. Then, businesses can focus their efforts on the data that relates to PoPIA and develop an appropriate framework and approach for elements like data protection, storage and management.

Mind the gaps

On the journey to PoPIA compliance, it is also essential to identify any potential issues in the landscape and data flows. A gap register is an essential element of this process as it will help to document these issues, outline any holes in the compliance strategy, and provide a base from which to work on improving compliance.

While PoPIA is open to interpretation in many areas, there are some very specific requirements that need to be in place, and if they are not, then this is a gap that must be addressed. For example, it is essential to have a way for people to unsubscribe from communications, and a process in place for people to request that their information be removed.

You cannot plead ignorance

While many areas of the Act are not well defined, PoPIA specifically states that ignorance is not considered a defence, but if you are not aware of a problem then you cannot fix it. Businesses need to perform appropriate assessments to form a benchmark of their compliance status, and then work toward addressing any problems, issues or gaps in their processes and practices.

This is an ongoing process as businesses, systems, processes and data are continually evolving, and a cybersecurity and compliance strategy should do the same. After the initial readiness assessments are performed, an annual assessment should be put into place to ensure that security and compliance status are maintained in line with both the generic requirements of PoPIA and areas specific to your business.

Compliance and security go hand in hand, and both need to be up to the right standard to ensure that they are aligned with the legal requirements and risk appetite of the business. However, what compliance looks like differs from business to business and you cannot simply buy a solution to fix the problem. Finding the right partner on this journey is essential to assessing compliance readiness, identifying and closing gaps, and continuing on the journey of compliance for the long term.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SABRIC Annual Crime Statistics 2024
News & Events Security Services & Risk Management Residential Estate (Industry)
SABRIC has released its Annual Crime Statistics for 2024, reflecting a significant decline in financial crime losses, but also warning of the growing threat posed by artificial intelligence (AI) in fraud schemes.

Read more...
SA’s private security industry receives multi-million USD investment
News & Events Security Services & Risk Management
South Africa's private security sector has attracted significant international attention, with the world’s largest tactical flashlight manufacturer, Nextorch, announcing a major investment in its local operations, Nextorch Africa.

Read more...
Vetting people in security estates
iFacts Security Services & Risk Management Residential Estate (Industry)
In today’s security-conscious South Africa, estate management’s responsibility extends beyond gates and patrols; it involves ensuring that every resident, staff member, and service provider upholds the community’s safety standards.

Read more...
View from the trenches
Technews Publishing SMART Security Solutions Editor's Choice Integrated Solutions Security Services & Risk Management Residential Estate (Industry)
There are many great options available to estates for effectively managing their security and operations, but those in the trenches are often limited by body corporate/HOA budget restrictions and misunderstandings.

Read more...
IVA AI Pro Visual Gun Detection
Products & Solutions Surveillance Security Services & Risk Management Residential Estate (Industry)
Bosch has announced the launch of the IVA AI Pro Visual Gun Detection analytics based on deep learning. It is designed for automatic detection and classification of people and brandished firearms.

Read more...
IP-based horn loudspeakers
Products & Solutions Surveillance Security Services & Risk Management Residential Estate (Industry)
Bosch has announced the launch of its new IP-based horn loudspeakers and amplifier module: the high-output LHN-UC15L-SIP horn (for long-throw applications), the compact LHN-UC15W-SIP horn (for wide-angle coverage) and the AMN-P15-SIP amplifier module.

Read more...
SMART Estate Security Conference KZN 2025
Arteco Global Africa OneSpace Technologies SMART Security Solutions Technews Publishing Editor's Choice Integrated Solutions Security Services & Risk Management Residential Estate (Industry)
May 2025 saw the SMART Security Solutions team heading off to Durban for our annual Estate Security Conference, once again hosted at the Mount Edgecombe Country Club.

Read more...
ProtecLink 2025 spotlights industry tensions and transformation
Magtouch Electronics t/a Ithegi Electronics Security Services & Risk Management News & Events
ProtecLink 2025, created and hosted by Ithegi Electronics, brought together key stakeholders from the security, finance, and innovation sectors under the theme "Connecting Security, Finance, and Innovation: Inspiring Transformation in the Industry."

Read more...
SSG Holdings acquired by Fidelity Services Group
News & Events Security Services & Risk Management
Fidelity Services Group has successfully acquired a majority shareholding in SSG Holdings. The acquisition builds on Fidelity’s track record of strategic expansion, including previous high-profile acquisitions.

Read more...
The role of drones in farm protection
Agriculture (Industry) Security Services & Risk Management
Laurence Palmer reminds us of the role drones play in agricultural security and offers a free security risk assessment template for downloading (link at the end of the article).

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.