top of page
Work Desk


Protection of Personal Information Act

The Protection of Personal Information Act places a huge amount of responsibility on almost all organisations to process personal information responsibly and to protect that information against unauthorised access. Non-compliance can lead to huge damages and fines for your business.

EeziLaw has the knowledge and experience to guide you and give the necessary advice on how best to comply with this relatively new and untested compliance legislation.

Steps to POPIA compliance
POPIA Questions
Our POPIA services

More about POPIA

In 2013 the Protection of Personal Information Act (POPIA) was promulgated to give effect to the constitutional right of privacy of information in South Africa. The law governs when and how organisations collect, use, store, delete and otherwise handle personal information.

Compliance with POPIA came into effect on 1 July 2020 but all organisations that process personal information was given one year grace period to become compliant. This means that all organisations should have been compliant by 1 July 2021.

A quick breakdown of what POPIA is and means to your business:

  • POPIA practically came into effect on 1 July 2020

  • Enforcement of POPIA will happen from 1 July 2021

  • POPIA applies to any company or organization processing personal information in South Africa

  • POPIA creates eight conditions for lawful processing of personal information

  • POPIA creates various rights for individuals and businesses (data subjects) regarding the personal information they provide, including but not limited to the right to access, right to correction and right to deletion of personal information

  • POPIA creates a definition for 'personal information' and 'processing' that is so wide that it just about includes anything you can do with any type of information obtained from role players within an organisation

  • Obtaining consent of the data subject to process their personal information is central to POPIA. It is up to websites, companies and organisations (“responsible parties”) to prove that their processing is lawful and that the necessary consents have been obtained from data subjects to process their personal information

  • Non-compliance with POPIA can lead to fines up to Ten Million Rand and even imprisonment

  • POPIA creates more stringent requirements for direct marketing

bottom of page