PoPIA: Time Is up

Issue 3 2021 Security Services & Risk Management, IT infrastructure

The countdown is on. The Protection of Personal Information Act (PoPIA) comes into full effect on 1 July 2021. With the deadline looming, there is a lot of confusion and ambiguity regarding its definitions, requirements and enforcement thereof.

Wale Arewa.

Failure to comply will result in steep fines for violators. Businesses have had ample time to prepare, but many are now scrambling to become compliant. They have realised that the impact is enormous, significant and unresolved personal data protection issues could result in financial penalties.

PoPIA regulates the usage and collection of personal data. Companies are required to handle all data carefully and provide customers with tools to update or delete personal information. They also need to alert consumers immediately if there is any form of breach.

PoPIA affects everyone, from financial institutions, data management companies, media companies, marketers and consumers. This means everyone should be aware of the Act and consequences for breaking the rules.


Many businesses are unaware of the risks, but unfortunately ignorance of the law is no excuse. They will be liable should any breach occur. The penalties are severe, non-compliance could incur fines of up to R 10 million or even imprisonment.

Information officer

Every company needs to appoint an information officer that will be responsible for compliance. This person needs to be registered with the information regulator as a primary contact in case of any breach investigation. More importantly, the information officer will be responsible and face the consequences for any breaches.

Data protection

IT disposal has legislative requirements, compliance to PoPIA, the National Environmental Waste Management Act 2008 (NEMWA 2008), the Consumer Protection Act 68 of 2008 (CPA) and General Data Protection Regulations (GDPR).

Compliance affects employee, supplier and third-party data, as well as the systems that process it and how it is retained and destroyed. It includes the way personal information is stored, handled, processed, protected and who has access to it. Companies need to disclose what information is being gathered and how it will be stored. This could include staff records, ID numbers, drivers' licences, medical history or financial information.

Data disposal

With companies constantly acquiring new technologies, there is a corresponding and often overlooked increase in retired IT assets. These outdated PCs, laptops, monitors and other IT equipment tend to quietly pile up in storerooms.

According to legislation, businesses are required to manage the complete destruction of all data when IT assets reach end-of-life. PoPIA requires IT asset managers to practice due diligence and ensure their storerooms go through the expected data erasure techniques essential to protect company data.

Compliance is fast becoming a competitive advantage. Customers don’t want to be put at risk, data breaches and issues related to regulatory compliance, associated costs and loss of reputation will have dire consequences for businesses that suffer data breaches.

Find out more at www.xperien.com

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Communication in any situation
Issue 8 2020, Elvey Security Technologies , Global Communications , Security Services & Risk Management
Global Communications offers an industry-first with five-year warranty on select Kenwood two-way radios.

The year resilience paid off
Issue 8 2020 , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions spoke to Michael Davies about business continuity and resilience in a year when everything was put to the test.

The reality of farm attacks
Issue 3 2021, Technews Publishing , Security Services & Risk Management
Nowhere in the world are people being as brutally attacked and murdered like farmers in South Africa (including a number of black emerging farmers and black farm labourers that have been attacked and injured or killed).

Insights into PoPIA compliance
Issue 3 2021, Technews Publishing , Security Services & Risk Management
Hi-Tech Security Solutions asked Carrie Peter, solution owner at Impression Signatures, for a few insights on what this piece of legislation means in the real world.

Top 10 security misperceptions
Issue 3 2021 , Cyber Security, Security Services & Risk Management
The Sophos Rapid Response team has compiled a list of the most commonly held security misperceptions they’ve encountered in the last 12 months while neutralising and investigating cyberattacks in a wide range of organisations.

Dicentis Flush
Issue 3 2021, Bosch Building Technologies , Products, IT infrastructure
Bosch adds modular product range with installation convenience to its IP-based conference portfolio, allowing easy system scalability with the option of cost-saving dual-seat setups with microphone sharing.

The supply chain of the future
Issue 3 2021 , Integrated Solutions, Security Services & Risk Management, Retail (Industry)
For retailers to maximise their bottom line, the supply chain needs to be fast, efficient and responsive, which requires the use of intelligent, integrated technology.

Anomaly detection is the first layer
Issue 3 2021 , Security Services & Risk Management
A multi-layered, proactive approach to data management and protection is essential and this begins with anomaly detection as the first line of defence.

Towards a cashless world
Issue 3 2021 , Security Services & Risk Management
In addition to being safer from a viral transmission perspective, contactless payment is also faster and integrating multiple contactless payment methods assists small businesses to better maintain financial liquidity.

mySOS targets neighbourhood safety
Issue 2 2021 , Security Services & Risk Management
Beyond protection for valuables and premises, people are also looking to ensure their personal safety and that of their loved ones as they move around and within community areas.