The POPI Act: What is that?

The POPI Act: What is that?

The Protection of Personal Information Act (POPIA) is the new law regarding data protection in South Africa that came into effect on 1 July 2020. The question is, what does the act encompass, how does it impact small business owners, and how can you go about ensuring compliance across your organisation? Christopher Watkins, HashTag Marketing’s CEO, weighs in below.

What is the POPI Act?

As a data protection law, the Act revolves around safeguarding individuals’ personal information in an effort to protect their privacy and reduce their risk of falling victim to identity fraud. The Act does this by strictly outlining the various circumstances when it is considered lawful (and unlawful) for a third party to access, process, store, or share somebody’s personal details.

In short, the Act dictates that a person’s personal information can only be legally processed under the following circumstances:

  • Upon receipt of the person’s consent (in writing)
  • In relation to a contract to which the person is a party
  • If the data processing in question is required by law
  • If the act of processing the person’s information protects a legitimate interest of theirs.

Who does it affect?

“Contrary to popular belief, the POPI act doesn’t only apply to larger corporations,” Chris explains. “Rather, it applies to any individual, business, or organisation that keeps any form of records in relation to individuals’ (or clients’) personal information,” he adds.

How to ensure compliance

It is always best to obtain any personal information concerning a client directly from the client themselves. “That is unless the information can be found in a public record or has been intentionally published by the individual,” says Chris.

Business owners are also urged to ensure compliance by:

  • Hiring an Information Officer
  • Creating a detailed Privacy Policy for the organisation
  • Educating all employees regarding the POPI Act and the role that they play in compliance
  • Amending contracts with clients, suppliers, and operators as necessary
  • Reporting any data breaches to the individual(s) in question and to the regulator
  • Being extremely cautious about sharing client and employee personal information and thoroughly checking that it is, in fact, lawful to do so

POPI Act-compliant marketing services

Here at HashTag Marketing, our business is POPI Act compliant and we are keen to play a role in ensuring that yours is, too. For more information about our various POPI Act-compliant marketing services, such as email marketing and social media marketing, please do not hesitate to get in touch with the team:

Article by, Bianca Marie Golz (Content Writer) – HashTag Marketing





Enter Your Email
To Download

*By downloading this e-Book, you give Hashtagme (PTY) LTD permission to opt you in to our mailing system