POPIA unpacked: What you need to know

By Peter Grealy, Nozipho Mngomezulu, Karl Blom, Wendy Tembedza, Webber Wentzel

Johannesburg, 06 Aug 2020
Read time 1min 00sec

After years of starts and stops – virtually all the operational provisions of the Protection of Personal Information Act 4 of 2013 (POPIA) finally came into force on 1 July 2020. All businesses and public bodies will be affected. This development impacts every public and private body in South Africa.

The infographic below provides an overview of the instances in which POPIA will apply to processing activities and the obligations that come with POPIA. There is a 12-month grace period – until 30 June 2021 – by which to comply with the comprehensive requirements set out in POPIA; and non-compliance can result in significant penalties – up to 10  years' imprisonment and/or ZAR10 million in administrative fines. 

POPI’s reach is wide – it regulates all organisations that process personal information – information about employees, customers, suppliers and those who outsource key processing activities, share data offshore, or engage in direct marketing.

We can offer clients a cradle-to-the-grave service, including POPIA audits, gap analyses, insurance, training, data protection impact assessments, crisis planning for data breaches and expert advice in engaging the Information Regulator and managing litigation.

Download the POPIA infographic here.

Editorial contacts
Paula Youens (+27) 21 431 7039
See also