POPI refers to South Africa’s Protection of Personal Information Act which seeks to regulate the Processing of Personal Information.


What is Personal Information?

Means any information relating to an identifiable, living natural person or juristic person (companies, CC’s etc.) and includes, but is not limited to:


What is Processing?

Processing broadly means anything done with someone’s personal Information, including collection, usage, storage, dissemination, modification or destruction (whether such processing is automated or not).


Some of the obligations under POPI:


Does POPI really apply to me or my business?


POPI applies to every South African based public and/or private body who, either alone, or in conjunction with others, determines the purpose of or means for processing personal information in South Africa.

There are cases where POPI does not apply. Exclusions include: Section 6:


Why should I comply with POPI?


POPI promotes transparency with regard to what information is collected and how it is to be processed. Openness increases customer trust in the organisation.

Non-compliance with the Act could expose the Responsible Party to a penalty of a fine and/or imprisonment of up to 12 months. In certain cases, the penalty for non-compliance could be a fine and/or imprisonment of up 10 years.

This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)