WHAT IS POPIA?

The Protection of Personal Information Act (PoPIA) is South Africa’s data protection law. The purpose of the legislation is to ensure all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information, by holding them accountable should they abuse or compromise personal information in any way.

PoPIA also aims to align South Africa with global data protection legislation and best practices, and is, in many instances, compatible with Europe’s General Data Protection Regulation (GDPR).

WHO NEEDS TO COMPLY?

All South African businesses must be compliant with the Act by 1 July 2021 or risk non-compliance and potential consequences, including penalties.

WHAT DO BUSINESSES NEED TO DO?

South African organisations need to be educating themselves and their staff on the provisions of the POPI Act, the regulations and how it will affect everyone in their work environment. Training is therefore a key aspect of your POPI Act compliance journey.

Moonstone Business School of Excellence (MBSE) offers 3 fun and interactive online courses that provides key information on POPIA, the data protection principles of POPIA and how to apply these principles in daily business activities.

BACKGROUND OF THE LEGISLATION

The PoPI Act has been put into operation incrementally since 2013, with several sections having already been implemented.

On 1 July 2020, the Act finally came into effect. However, companies were given a one-year grace period to comply with the law. All South African businesses must be compliant with the Act by 1 July 2021 or risk non-compliance and potential consequences, including penalties.