Stay at home, and let’s work together to combat COVID-19. For more information visit:

Let Us Help You Comply With POPIA

Nozipho Mvulane

The Protection of Personal Information Act 4 of 2013 (POPIA) has been brought about to protect the personal information of all data subjects (individuals and/or businesses), electronically and physically. POPIA aims to give effect to the constitutional right to privacy, whilst balancing this against competing rights and interests, particularly the right of access to information.

The Presidency announced dates for compliance with POPIA. Section 110 and section 114(4) of POPIA shall commence on 30 June 2021. Thereafter:

  • sections 2 to 38;
  • sections 55 to 109;
  • section 111; and
  • section 114 (1), (2) and (3),

shall commence on 1 July 2020.

All organisations need to become compliant as soon as possible, in order to prevent punitive sanctions for themselves and/or their businesses.

Coming into effect 30 June 2021

Sections 110 and 114(4) shall commence on 30 June 2021. Section 114(1) states that all forms of processing of personal information must, within one year after the commencement of the section, be made to conform to the Act. This means that entities will have to ensure compliance with POPIA by 1 July 2022. However, it stands to reason that private and public bodies should attempt to comply with the provisions of POPIA as soon as possible in order to give effect to the rights of individuals.

Coming into effect 01 July 2021

The following sections will come into effect on 01 July 2021: sections 2 to 38, sections 55 to 109, section 111, and section 114 (1), (2) and (3) of POPIA.

This means that almost the entire POPIA has come into effect. These are essential parts of POPIA and comprise sections which pertain to:

  • the conditions for the lawful processing of personal information;
  • the regulation of the processing of special personal information;
  • Codes of Conduct issued by the Information Regulator;
  • procedures for dealing with complaints;
  • provisions regulating direct marketing by means of unsolicited electronic communication; and
  • general enforcement of the POPIA.

Organizations should:

  • Appoint an Information Officer and ensure that he is aware of his roles and responsibilities.
  • Make decision makers in your organization aware that the law has changed in accordance with POPIA.
  • Make decision makers in your organization aware that there are severe consequences of non-compliance.
  • Conduct a current status risk assessment and/or information audit to establish data protection compliance level.
  • Document what Personal Information:
    • you currently hold;
    • where it comes from; and
    • how it is to be used and who you share it with.

POPIA Policies and Procedures

In order to ensure as much compliance with POPIA as possible, organizations need to draft POPIA policies and procedures to ensure that everyone who deals with Personal Information is aware of the legal implications of POPIA. These policies and procedures should include your organization's privacy policy with regard to:

  • type of data collected;
  • purpose for the data collection;
  • consent for the collection of data;
  • transparency in dealing with personal information;
  • ensuring that collected and retained data is correct and complete;
  • ensuring that there is a reliable process of updating information;
  • ensuring that data is stored safely;
  • ensuring that data security safeguards are in place; and
  • ensuring that there is a complaints process.

Organizations should put procedures in place to monitor and enforce compliance.

How we can help you

We have the following policies and procedures (which can be edited) that can assist with your POPIA compliance:

  • Cookie Policy;
  • Privacy Policy;
  • Privacy Note;
  • Terms of Use;
  • Confidentiality Clause;
  • Complaint Form;
  • Consent to Processing Personal Information;
  • Contact Us Form – Website;
  • Direct Marketing Consent; and
  • Personal Information Request Form.

For further information, please contact Rajaram Mvulane Attorneys at

Article Disclaimer

This article is not intended to provide legal advice. This article is a general information sheet and should not be used or relied on as legal or other professional advice. This article is based on research regarding laws and may be subject to change. No liability can be accepted for any errors or omissions nor any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE).
