POPI Compliance

Protection of Personal Information Act No. 4 of 2013 (“POPI”)

This Act was written in 2013 and became law on 1 July 2020. It is the equivalent of the EU’s GDPR. It defines the conditions for responsible parties to lawfully process the personal information of data subjects (both natural and juristic persons). The purpose of the Act is to ensure all South African businesses conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information, by holding them accountable should they abuse or compromise the third party’s personal information in any way.

The goal of the POPI Act is to protect data subjects from security breaches, theft, and discrimination. To accomplish this, it outlines eight principles that South African data processors must follow:

  1. Accountability = assigning ownership in your organisation;
  2. Processing Limitation = processing information for lawful reasons and in a manner that does not infringe privacy;
  3. Purpose Specification = only obtaining and holding personal information for a specific purpose;
  4. Further Processing Limitation = further processing of personal information must be compatible with the purpose for which it was collected;
  5. Information Quality = ensuring that information is complete and accurate;
  6. Openness = informing individuals that their information has been obtained and the purpose thereof;
  7. Security safeguards = the integrity of personal information must be secured using appropriate, reasonable, technical and organisational measures;
  8. Data Subject Participation = a data subject has the right to request access to their personal information that you hold, and to request that the information be deleted or corrected if appropriate.

At EGRA, we can perform a formal review of the systems you currently have in place to protect personal data. As a result, you will know what to do to ensure that you are compliant with the requirements of the Act.

In addition, we can provide consulting services to get to the point where your Information Officer can declare that all has been done to ensure the safety of any personal data as managed by the company.

Contact Us


082 887 1770