A Beginner’s Guide to POPIA

Cole Pruden | Data Protection, GDPR


Over the past two decades, the online world has experienced a true revolution in data protection. But each corner of the world handles PII differently, so put on your sunglasses and safari hat because we’re headed to South Africa.

POPIA or POPI Act?

The Protection of Personal Information Act is the first regulation of its kind aimed at safeguarding South Africans and their potentially sensitive information online. Known officially as the POPI Act, this directive also goes by its more commonly used alternative: POPIA.

Acronyms are the name of the game when it comes to regulations of this sort. In fact, POPIA draws much of its inspiration from a similar set of data protection rules from the EU. You may have even heard of it – the GDPR. Truth be told, POPIA has been described by many as simply “South Africa’s GDPR”.

Initially passed to regulate South Africans’ right to privacy, POPIA is special in that it was enshrined by the actual Constitution of South Africa. This piece of legislation was first actionable back in 2013 but has seen considerable and modern-minded updates go into force as recently as July 2021.

So, we know what POPIA stands for and where it comes from, but what exactly do its 115 sections hold, who does it protect, and does it affect you? Jump into the safari Jeep, and let’s go find out!

Everyone Involved

Because POPIA is a South African regulation, it would make sense that POPIA was designed to protect the PII (Personally Identifiable Information) of its citizens.

But much like the GDPR and similar guidelines, POPIA applies to any company, organization, or individual that handles personal data in South Africa or uses automated or non-automated data processing measures within the country.

That means a company in the US isn’t exempt from upholding POPIA’s rules if that same company collects and stores data on South African citizens. However, one major way that POPIA sets itself apart from the GDPR is that it protects not only the data of living persons but also that of other companies and organizations.

POPIA in 3 Parts

Now that we know who and what POPIA protects, let’s take a peek through our binoculars and see if we can’t spot how it safeguards privacy in South Africa.

The Protection of Personal Information Act can be summarized in three major parts:

  1. 8 Conditions: Outlines the eight conditions under which any person or organization can lawfully process sensitive information.
  2. Non-Compliance: Describes fines and penalties for non-compliance.
  3. Information Regulator: Arranges an Information Regulator to serve as the body that promotes and enforces POPIA.

POPIA’s main eight conditions are very similar to those established in the GDPR and include everything you’d expect in regulations of this stature: Accountability, Purpose Specification, Openness, and Security Safeguards, to name a few. If you’re interested in diving into the weeds on all eight conditions, you’ll find them here.

Next, Chapter 11 of POPIA describes the many reasons why you wouldn’t want to slack off on becoming compliant with all of its rules. The Offences, Penalties and Administrative Fines section was also modeled after similar regulations, meaning it doesn’t mess around: it threatens a fine of R10 million (around $500,000) or even up to 10 years in prison for non-compliant parties.

But don’t run back to basecamp yet because POPIA also makes avoiding these penalties easy by laying out a plan anyone can follow to become compliant.

How to Achieve POPIA Compliance

Our Responsibility

By following many of the same data protection procedures we’ve all come to know over the past decade or so, you can also implement POPIA’s rules and achieve compliance. These regulations are here to protect both individuals and companies or organizations.

And thanks to POPIA, the people of South Africa and their PII are also protected locally and globally. Much like the endangered animals and wonderful landscapes maintained and shielded here, POPIA serves to protect data. Why? Because it’s just the right thing to do.
