Monday, 23 April 2018

Protection of Personal Information Act (POPIA) for Small Businesses

I often get asked: does POPIA apply to my small business?  The answer is definitely yes. POPIA gives effect to section 14 of the Constitution, which provides that everyonehas the right to privacy – the right to privacy includes a right to protection against the unlawful use of personal information. 

POPIA sets out data protection principles and provides guidelines on how to deal with personal information.  It follows international trends and puts South African on par with global best-practice in so far as data protection is concerned.  An Information Regulator has already been established, and this body will have the ability to impose significant fines and investigate non-compliance.  Although the Act was signed into law in 2013, it only commenced partial operation in 2014, and has yet to commence full operation: we expect this will happen during 2018, and once the POPIA is fully operative, all businesses will have one year to comply – or face severe sanctions.

Does your business collect, store or process any personal information? Personal information is any data relating to an identifiable living or juristic personand includes: contact details, demographic information, personal history, product preferences, or any other information that can be used to identify a person.   

It is highly likely most small to medium businesses will answer “yes” – in that most – if not all – businesses process some personal information. POPIA requires you to ensure data is processed in accordance with eight ‘conditions’: the conditions oblige you to only collect information with a specific purpose; store it safely; ensure the information is relevant and accurate; only collect what is required; and allow the “subject” to inspect any information you hold.

Importantly, personal information can only be collected if the person has “opted-in”. In other words, the person must specifically agree to the information being collected (subject to an exception dealing with existing clients).

How can you comply with POPIA?  Ensure you have a brief, written policy outlining how you process personal information. Think carefully about how your business uses data, and why – is the use of personal information necessary?  If so, document it carefully and ensure you are familiar with POPIA.  


  1. Classroom lacks necessary facilities that teachers need to teach. Many classes even lack enough books, art supplies, and technologies. Lack of books translated inability in students to take books for homework or completing their assignments. Lack of study material among students is a negative cycle. Without material, work doesn't get done, and without work, chances are high to ruin the future of students.
    Law assignment help
    Programming Assignment help

  2. We Provide assignment help for students especially in usa getting brilliant quality reviews writing USA, essays and dissertations.We at Top Quality Assignment believe that there is no shortcut to success and to attain success, hard work, dedication, and commitment must be present.AllAssignmentHelp reviews  best in writing unique Assignment.

  3. Thanks for a great such a nice one information.this is a great blog and good job.
    Visit us: Cosmetic Surgery Clinic in Delhi


  4. Really good website this is, full of useful information and advice. Thanks for sharing.
    Visit us: Tummy Tuck Surgery

  5. I really enjoyed reading your blogs...Keep post!
    Visit us: PPC Services Packages

  6. I really happy found this website eventually. Really informative and inoperative, Thanks for the post and effort! Please keep sharing more such blog. We also provide blog My Assignment Help.