
Top stories

Marketing & MediaGoogle's latest antitrust loss in the US raises stakes for Big Tech
Rob Nicholls 23 Apr 2025





More news











Marketing & Media
Chicken Licken bravely debones a rare phobia with their latest campaign
Joe Public 3 days



Cybercrime cost the South African economy approximately R5.8 billion in 2014. Addressing the substantial financial impact of cybercrime on South African businesses has been quite critical, especially of late, as the cost and impact of cybercrime continues to escalate almost unabated.
The POPI Act, which was signed into law in November 2013, although not fully implemented, aims to promote the protection of personal information, which falls under the broader Constitutional right to privacy, and introduce minimum requirements to protect personal information, by regulating how such information is processed, stored, secured, and ultimately destroyed.
These minimum requirements are not currently mandatory and could be one of the reasons why cybercrime is on the rise. Access to personal information is fundamental to cyber criminals carrying out cybercrimes and any legislation that attempts to protect the confidentiality of personal information, such as the POPI Act, will definitely assist in reducing cybercrime. The POPI Act is a crucial component in the overall policy framework to address cybercrime.
With a development track over a decade long, the POPI Act has been carefully considered and includes international best practice standards, which will elevate South Africa's data privacy protection to levels that would more readily facilitate economic trade with nations sensitive about data privacy protection, such as members of the European Union.
Once it is fully implemented, businesses will have one year from commencement to comply with the legislation. Whilst this period may be sufficient for smaller businesses, larger enterprises, which may be far more complex, could need as much as two to three years to be fully compliant. Getting a head start with compliance activities could prove invaluable to avoid potential fines and possibly imprisonment.
A failure to comply with the POPI Act could expose businesses to fines from the regulator of up to R10-million or in certain instances of non-compliance, a court sanctioned fine and/or a period of imprisonment of up to 10 years.
If you have not already started with integrating the POPI Act's requirements into your business, you should consider starting now. Here is how you can get your house in order:
If you are in doubt about any aspect of the POPI Act, and what may be required to comply, specialist advice should be sought.
It is crucial that every business familiarise itself with the rights and obligations in the POPI Act to safeguard both its customers and its business interests. Notwithstanding that the POPI Act is not yet fully effective, any compliance activities undertaken now will bring your business closer to compliance with the POPI Act and may prevent your organisation from becoming a victim of cybercrime. It is advisable to put steps in place to prevent cybercrime from occurring, rather than attempting to mitigate the adverse effects once an incident occurs.