Only 34% of South African organisations ready to comply with POPI Act

Johannesburg, 14 Feb 2019

* 77% of South African decision-makers admit their organisation will suffer reputational damage if fined for non-compliance with the POPI Act
* 30% of organisations have only the basic understanding of the act

Sophos, a global leader in network and endpoint security, issued the findings of a new study today that was commissioned to determine the state of POPI compliance within South African organisations.

The Protection of Personal Information (POPI) Act promotes the protection of personal information by public and private bodies and had been signed into law in 2013. It is expected to come into effect during 2019 after which organisations will have two years to comply.

The Sophos commissioned survey, which ran online with ITWeb during November 2018, revealed that only 34 % of survey respondents felt their organisation was going to be ready to meet the POPI requirements. This means that more than half of the organisations have yet to put the right processes and technology in place to protect personal data, which could see them having to pay heavy fines to the supervisory authority if the Information Regulator reveals non-compliance with POPI legislation.

The study further revealed that an overwhelming majority of respondents (77%) believe that their organisation will suffer reputational damage if fines for non-compliance were imposed. The reputational damage can be more damaging than the financial penalties, as it involves loss of goodwill and customer trust.

Pieter Nel, regional manager, Sophos South Africa, commented, "The best way to prepare for POPI is to implement a solid data protection strategy that guards against loss of data whether through malicious or accidental methods. Creating a data protection strategy can be a daunting process, especially if it hasn't previously been a focus area for organisations. Securing against major threats that cause data breaches is a great place to begin."

Other key findings of the survey include:

* Only 10% of respondents indicated that their organisation has a dedicated POPI team
* Two thirds of respondents felt they had a good understanding of the legislation, but almost 30% admitted to only a basic understanding of the act
* Over half of the respondents (62%) have placed a high priority on POPI within their organisation

Nel continues, "Even if organisations don't have dedicated POPI teams, we would recommend that there should be some ownership and responsibility to make the organisation POPI compliant. However, without a clear understanding, there will always be some lapse in POPI implementation. Even if an organisation outsources it to a third party, it is crucial that the organisation has a deep internal understanding of the POPI Act and its impact."

He concludes, "High priority in terms of POPI compliance should translate to readiness of the organisation; without a concrete action plan, organisations will lag behind. Unfortunately, in terms of data breaches, nobody knows when or where it is going to strike next, which is why being prepared is so important."

The survey can be viewed here: Sophos POPI Survey


In November 2018, ITWeb captured input from 180 South African organisations about their POPI compliance, their data protect strategies and approaches to cyber security.



Sophos is a leader in next-generation endpoint and network security, and as the pioneer of synchronised security develops its innovative portfolio of endpoint, network, encryption, Web, e-mail and mobile security solutions to work better together. More than 100 million users in 150 countries rely on Sophos solutions as the best protection against sophisticated threats and data loss. Sophos products are exclusively available through a global channel of more than 26 000 registered partners. Sophos is headquartered in Oxford, UK and is publicly traded on the London Stock Exchange under the symbol "SOPH." More information is available at

Read the latest security news and views on our award-winning Naked Security News and read more about Sophos on our News blog.

Protect every Mac and PC in your home with the next generation of centrally managed free internet security software, Sophos Home.

Connect with Sophos where you are

Twitter, LinkedIn, Facebook, Spiceworks, YouTube, Google+

Editorial contacts

Maria Joubert
Purple Word Box
(061) 441 4920