



Kindly note: This article does not constitute legal advice, and it should not be interpreted as such. This is the opinion of Company Partners based on its experience and should be accepted as such. It is recommended that you approach a suitably qualified legal practitioner and/or POPI specialist for assistance with your compliance.
Over the past month, a lot of SMEs in South Africa have been in a panic, trying to figure out exactly what is needed to ensure they comply with POPI. This is mostly due to the lack of practical guidance provided by government on how a small business (which cannot afford an expensive POPI Compliance Specialist) should go about getting its compliance in place.
Mostly commercial and labour law. My colleagues and I have recently shifted our focus to POPI Compliance – to date we have assisted over 200 businesses of all sizes to get fully POPI Compliant.
In the case of most laws, you will rarely find a straight “yes” or “no” answer. In the case of POPI – if your answer is “yes” to the questions below, you need to become POPI Compliant.
Example: Mr Smith is a plumber and sends a quotation to Ms Jones (which contains her cell number, address and email address). He captured Ms Jones’s personal details in his diary. He entered the information into an invoice generator to prepare the quote, which he saves on his phone.
So that basically includes 99% of all trading businesses in South Africa. In legal terms you are seen as a “Responsible Party” - a body who determines the purpose and means of how personal information is processed.
Once again, this is one of those “yes/no” answers. I will try and keep it simple and straightforward so that it makes sense.
Simply put, yes, the Information Regulator has a lot of powers. Let me list some of the important ones relating to your business: assessing your business in terms of POPI compliance; investigating any complaints it receives in terms of your business; and resolving any disputes, failing which it can enforce compliance. The Information Regulator can also make rules (i.e., a Code of Conduct) for a particular industry. The Information Regulator can even sue you for damages in Civil Court.
Other than the normal powers and functions which most government bodies have, what sets POPI apart are the fines and imprisonment the Regulator can enforce for breaching POPI (in some instances). The maximum fine they can issue is R10m and/or a 10-year prison sentence. Remember, they are empowered to enforce “either or”, which means you can end up receiving the thick part of the stick and sit in jail for 10 years with a R10m fine.
The first few years of the Information Regulator coming to life will be the most telling, as there should be a large number of complaints made by individuals and companies alike.
Yes, there are certainly charlatans out there portraying themselves as “Specialists” when it comes to POPI – so businesses must be careful and only get assistance from appropriately qualified legal practitioners (amongst others).
Unfortunately, there is no reliable way of becoming POPI Compliant without using your lawyer or a ‘real’ specialist to some degree.
Click HERE if you’d like an expert, like Matthew, to assist you with your POPI Compliance Now.
There have been a small number of qualified legal practitioners, such as me, who have adjusted our normal extensive and expensive POPI Compliance process into a “let’s cover the basics for cheap” process. That would be the best route for start-ups and SMMEs to take, or rather to get you as compliant as reasonably possible.
The alternative is to navigate through the POPI Act yourself. Then you can fix what you think needs fixing in your company yourself using the free resources out there, and then ask your lawyer to just do a ‘double-check’ and sign off as a third party that you have all your ducks in a row. That should also not break the bank.
As POPIA Compliance is such a ‘new compliance requirement’ for business, even some lawyers out there are still misinformed, and this creates a lot of confusion for most business owners. So effectively the process is overcomplicated by many.
We, amongst others who have simplified the service, are focussing on the pure ‘basics’ which the POPI Act requires you to have in place. To simplify the admin, we divide the service into 3 steps:
We guide you through a small ‘POPI Audit’ of your Company.
Working with the information you have provided, we advise you on the right Policies and Procedures to ‘fix’. These POPI Compliance Docs are also offered in different packages ranging from simple to comprehensive, to fit every budget and business.
Once you have the proof in place you receive a “Certificate of POPI Compliance”, which is basically a confirmation from a registered lawyer that you have taken reasonable steps to become POPI Compliant or to bring your company as reasonably close as possible to compliance. Clients must always remember that compliance is an ongoing process.
We package these steps into a package which costs under R4000 to assist you to get POPI compliant. Click here for more info on our POPI Compliance Certificate service.
Sure. As mentioned, if you are a business trading in South Africa who deals with ANY Personal Information, you need POPI. So, this is the approach we take:
As with many things in life, before you can see what you’re missing, you need to know what you have. This is where we jump in and conduct what we call a “POPI Gap Audit” of our clients to determine what they have in place to meet the requirements of POPI and then highlight the shortcomings. We then guide them on closing these shortcomings.
Here are a few basics in most small businesses:
You have taken stock of your business and its measures to comply with POPI (even if you didn’t know it was applicable). So now you get to fix whatever needs fixing. The next question we get a lot is: what else do you actually need to be fully compliant? In simple terms, it depends on the structure / nature of your business.
However, in general terms you will have to look at putting the following in place (not a closed list) to finalise the POPI Compliance process:
Basically… Your POPI compliance has now been set up and you can sleep easy tonight. Unfortunately, it is not a once-off process. You will have to create reminders for yourself to frequently review your compliance and implement some practical steps to safeguard your infrastructure / client personal information, such as:
We hope this was of value and pointed you in a more concrete direction to get your compliance sorted. Remember, POPI compliance is not a “copy-and-paste” job. Each business is different and as such the compliance will differ.
Reach out should you require assistance with your POPI Compliance; our details can be found at https://ptycompanyregistration.co.za/contact-us/.