POPI Compliance – The POPI Compliance Manual

The POPI Compliance Manual sets out the specific steps that need to be taken to ensure compliance with the PoPI Act. The POPI Compliance Manual should be read in conjunction with the Act, and covers topics such as data governance, data capture, retention and destruction, as well as employee training.

To ensure Popi compliance with the Act, all organisations need to appoint a Data Protection Officer (DPO) who will be responsible for overseeing data protection within the organisation. The DPO is also responsible for developing and implementing a data protection policy, and must ensure that all employees within the organisation are aware of their obligations under the Act.

The PoPI Compliance Act applies to ANY PERSON (natural or juristic) or organisation that holds any type of records which relates to the POPI COMPLIANCE MANUAL of ANYONE.

ANY PERSON: Refers to any natural, or juristic, person, both local and foreign.

WHAT IS PERSONAL INFORMATION?
Any information relating to, but not limited to, the following; age, gender, marital status, religion, ID number, e-mail address, physical address, financial, private or confidential correspondence, telephone number and name and surname.

WHAT DOES THIS MEAN AND WHO NEED TO PRODUCE A POPI COMPLIANCE MANUAL?

  • If you are a natural person living in South Africa, or you are a legal entity that is registered in South Africa you need to be POPI compliant.
  • If you process personal information in South Africa you need to be POPI compliant.

WHO IS EXEMPT FROM COMPLYING WITH POPI AND COMPLETING A POPI COMPLIANCE MANUAL?

  1. The personal information you process is not entered into a record.
  2. The personal information you process is in the course of household activities only.
  3. The information you process is de-identified.
  4. If you are a public body that protects national security.
  5. A cabinet, its committees and the executive council of a province
  6. Courts referred to in Section 166 of the Constitution.
  7. The personal information you process is purely for journalistic, artistic or literary purposes.

You might also be interested in

Company registration documents that are Required

Company registration documents that are Required

If you haven’t done it before, registering a company in South Africa may seem like a daunting task, loaded with red tape and requiring all sorts of documents, but it’s actually quite simple. As long as you know what the statutory requirements are for the type of...

read more

Erasmus Pretorius

With over 23 years of unwavering expertise, I am a seasoned Chartered Accountant committed to financial excellence. My journey in the realm of finance has been marked by astute strategic insights, meticulous attention to detail, and an unyielding dedication to precision. Over the years, I’ve navigated the complexities of financial landscapes, providing invaluable counsel to diverse clients. My proficiency extends across auditing, taxation, and financial management, coupled with a profound understanding of regulatory frameworks. As a registered professional, I have consistently upheld the highest standards of integrity and ethics, earning a reputation as a trusted advisor in the dynamic world of finance.