BY Stephen Cavey | 23 November 2021
After eight long years, the Protection of Personal Information Act (POPIA), which was first introduced in 2013, officially went into effect on July 1, 2021. This is South Africa’s first data privacy law, and companies currently have a 12-month grace period to achieve compliance. The act aims to protect the personal information processed in South Africa and to enhance the ability to share information globally. Although it predates the GDPR, it is often referred to as South Africa’s GDPR equivalent. POPIA could be considered “adequately protective” in comparison to GDPR, as it includes certain stricter provisions based on earlier versions of the GDPR.
Personal information (PI) has an open-ended definition under POPIA. The data must relate to an “identifiable, living, natural person” or occasionally “an identifiable, existing, juristic person” when information related to race, sex, gender or origin is involved. Our blog on PII (personally identifiable information) highlights both examples of PII and how the intersection of that information can build a larger picture of who you are.
The requirements of POPIA outline rules for responsible parties to follow.
Unlike the GDPR, which requires compliance of any organization that processes personal data of data subjects within the European Union, POPIA requires compliance of any organization that processes personal information within the country. It does not apply to the processing of personal or household data.
Under POPIA, responsible parties must comply with the following conditions:
Non-compliance with POPIA can result in a fine of up to $668,100 USD or up to 10 years in jail, depending on the severity of the crime. Ultimately, the deciding factor in which penalty one might face is the extent of damage done to data subjects.
The Protection of Personal Information Act is relatively straightforward about whom it protects and whom it regulates. If you are an organization processing personal information within South Africa, the best way to ensure that information is being handled properly is to have a strong understanding of where it is located within your systems. Ground Labs’ Enterprise Recon can locate where your data resides across multiple access points.
If you are ready to take the first step towards compliance, schedule a discovery call with one of our experts now.