UniConsent

POPIA Protection of Personal Information Act in South Africa

The Summary of Protection of Personal Information Act, POPI Act, POPIA, South African Privacy Law.

FeaturesGet Started

What is POPIA?

POPIA is the The General Data Protection Law in South Africa. Along with other privacy laws, defines the new rules for website tracking and tracking cookies in large scale.

POPIA Summary

The Protection of Personal Information Act (POPIA) is South Africa’s data protection law similar to GDPR. The purpose of POPIA is to protect people from harm by protecting their personal information. It has the similar defination like GDPR: The data subject, The responsible party (data controller), The operator (data processor).

POPIA allows companies and organisations to process data if it's deemed in the user's "legitimate interest". POPIA defines consent as any voluntary, specific and informed expression of will.

The consent of the data subject is central. Websites, companies and organisations have to prove that their processing is lawful, consents have been obtained from users.

What is the timeline of Protection of Personal Information Act (POPIA)?

The POPI commencement date is 1 July 2020 with 12 months grace period which makes the deadline for organisations to comply 1 July 2021.

POPIA applies to The following Businesses

Any company or organisation processing personal information in South Africa, who is domiciled in the country, or not domiciled but making use of automated or non-automated means of processing in the country.

Including adtech and social media companies make use of automated processing.

What should be done by the responsible party?

  • Appoint an Information Officer.
  • Draft a Privacy Policy.
  • Raise awareness amongst all employees.
  • Amend contracts with operators.
  • Report data breaches to the regulator and data subjects.
  • Check that they can lawfully transfer personal information to other countries.
  • Only share personal information when they are lawfully able to.

POPIA penalties for non-compliance

  • A fine or imprisonment of between 1 million ZAR and 10 million ZAR or one to ten years in jail.
  • Paying compensation to data subjects for the damage they have suffered.

Consent is requried under POPIA

Personal information is only allowed to be processed if the end-user consents to the processing, including to the specific purposes for which the personal information is being collected.

A user can withdraw their consent at any time.

POPIA compliance

Use a consent management platform like UniConsent to offer consumers full control of data collection, opt-out features, manage the preferences communication for POPIA compliance together with GDPR.

Personal right under POPIA

  • Right to be notified about collection and processing of personal information
  • Right to access personal information
  • Right to request correction of personal information
  • Right to request deletion of personal information
  • Right to object to the processing of personal information
  • Right not to have personal information processed for the purpose of direct marketing by means of unsolicited electronic communications (clearly reflecting the ePrivacy Directive and not the GDPR)
  • Right to not be subject to a decision which results in legal circumstances based solely on the basis of the automated processing
  • Right to complain to the Information Regulator
  • Right to effect judicial remedy

Eight conditions of lawful data processing in South Africa

All eight conditions must be met when processing personal information lawfully under POPIA. The consent of the data subject is central. Websites, companies and organisations have to prove that their processing is lawful, consents have been obtained from users.

  • Accountability (processing is lawful and done in a non-privacy infringing way)
  • Processing limitation (processing only for the given purpose)
  • Purpose specification (specific purpose must be explicitly defined)
  • Further processing limitation (additional processing must still be in accordance with original purpose that the end-user gave their consent to)
  • Information quality (make sure that the data is complete, accurate and updated)
  • Openness (documentation of all processing operations)
  • Security safeguards (must ensure protection and confidentiality of personal information)
  • Data subject participation (ensure that end-users can exercise their rights to access, correct and delete their data)

POPIA Regulator

The main supervisory and enforcing body under POPIA is the Information Regulator, SAIR.

Consent under POPIA vs GDPR

POPIA and the GDPR have the almost identical definitions of consent.

POPIA definition: "any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information"

Comply With Global Privacy Regulations

General Data Protection Regulation (GDPR)

Achieve seamless compliance with the General Data Protection Regulation (GDPR) – the cornerstone of data privacy in the European Union. Safeguard user data and build trust with our comprehensive GDPR compliance solutions.

California Consumer Privacy Act (CCPA)

Navigate the intricate landscape of the California Consumer Privacy Act (CCPA) effortlessly. Our CCPA compliance tools ensure that you adhere to the rigorous data protection standards required for California residents.

U.S. State Privacy Laws

Stay ahead of evolving privacy regulations in the United States. Our platform supports a range of state-specific laws, including CCPA, CPRA, CPA, VCDPA, UCPA, and COPPA, ensuring you remain compliant across all jurisdictions.

California Privacy Rights Act (CPRA)

Embrace the future of data privacy with the California Privacy Rights Act (CPRA). As a pioneering state-level legislation, CPRA empowers businesses to enhance their data protection practices and prioritize consumer privacy.

Colorado Privacy Act (CPA)

Prepare for the Colorado Privacy Act (CPA) with UniConsent CMP. Our solutions help you meet the stringent requirements of this forward-thinking state-level privacy law, ensuring the highest level of data security and compliance.

Virginia Consumer Data Protection Act (VCDPA)

Comply confidently with the Virginia Consumer Data Protection Act (VCDPA). UniConsent CMP provides the tools and expertise to ensure your organization aligns with VCDPA's robust data privacy framework, bolstering trust among Virginia residents.

Utah Consumer Privacy Act (UCPA)

Protect user data effectively with the Utah Consumer Privacy Act (UCPA). UniConsent CMP offers solutions that facilitate compliance with this emerging privacy law, ensuring your business is well-prepared for data privacy challenges in Utah.

Connecticut Data Protection Act (CTDPA)

Guard user information and uphold their privacy rights under the Connecticut Data Protection Act (CTDPA). UniConsent CMP's suite of compliance tools empowers you to navigate this state-level law seamlessly and responsibly.

Children’s Online Privacy Protection Act (COPPA)

Prioritize children's privacy with UniConsent CMP's COPPA compliance solutions. Complying with the Children’s Online Privacy Protection Act (COPPA) is simplified, allowing you to provide a safe online environment for young users.

General Data Protection in Thailand (PDPA)

Adhere to the Personal Data Protection Act 2019 (PDPA) in Thailand with UniConsent CMP. Our expertise in PDPA compliance ensures that your organization can operate confidently and securely in the Thai market while respecting user data privacy.

The General Data Protection Law in Brazil (LGPD)

UniConsent CMP facilitates compliance with Brazil's General Data Protection Law (LGPD). Our solutions empower businesses to meet LGPD's stringent requirements, safeguarding the personal data of individuals in Brazil.

China Personal Information Protection Law (PIPL)

Prepare for the China Personal Information Protection Law (PIPL) with UniConsent CMP. As data protection regulations evolve in China, our platform ensures your organization is well-equipped to handle personal information responsibly and securely.

Protection of Personal Information Act in South Africa (POPIA)

The Summary of Protection of Personal Information Act, POPI Act, POPIA, South African Privacy Law.

India’s Personal Data Protection (PDP)

The Personal Data Protection bill for India could require changes to your data management and is not directly solved with GDPR compliance.

Turkey Personal Data Protection Law (KVKK)

The Summary of Turkey’s Personal Data Protection Law: KVKK.

UK General Data Protection Regulation (UK GDPR)

Achieve seamless compliance with the General Data Protection Regulation (GDPR) – the cornerstone of data privacy in the UK. Safeguard user data and build trust with our comprehensive GDPR compliance solutions.

IAB registered consent manager for GDPRIAB TCF V2 registered consent manager for GDPRIAB TCF Canada registered consent managerGoogle-certified CMPGoogle-certified CMP
Trusted by 5000+ of global publishers and marketers
  • sej
  • football365
  • sharethrough
  • districtm
  • pf1
  • tower cast

Get started to make your website and application compliant for EU GDPR, US CPRA, CA PIPEDA etc

Sign up