The top five things to consider in your POPIA compliance

Written by Staff Writer


By Maeson Maherry, CEO, LAWtrust Information Security


Protection of Personal Information Act (POPIA)

The passing of the Protection of Personal Information Act (POPIA) aims to secure and protect consumers’ and companies’ personal information. In adhering to POPIA, businesses should consider several factors to avoid being in violation of its provisions.

LAWtrust CEO, Maeson Maherry, says that in order to achieve the protection of consumers’ personal information, POPIA sets conditions for when it is lawful for someone to process someone else’s personal information. As such, becoming compliant will impose an increased governance duty on companies, which in turn will inspire trust in an organisation.

Essentially, POPIA is set up to protect people from harm by protecting their personal information. With proper cyber security measures in place, the risk of consumers’ identities being stolen is reduced, which is central to protecting their privacy.

“Section 19 of POPIA has established a comprehensive set of cybersecurity and data protection duties for responsible organisations. At a primary level, organisations are required to secure integrity and confidentiality of personal information in their possession and under their control by taking all appropriate, reasonable, technical and organizational measures,” adds Maherry.


Top five things to consider in your POPIA compliance:

  • Train personnel: Privacy awareness amongst your team is an ongoing effort. Training is meant to communicate the organisation’s privacy policies and processes, such as data collection and retention, and breach or incident reporting. With regular, bite-sized and engaging training, you can ensure that end-users are reminded of their responsibilities on an ongoing basis and receive advice on how to put security into practice in their day-to-day work.
  • Appoint an Information Officer: The Information Officer is entrusted with great responsibility and a duty to ensure that the organisation complies with both POPIA and PAIA. Depending on the size, scope and function of your organisation, appoint either a dedicated POPIA compliance officer or a full team.
  • Assign responsibilities: Each business unit or department can start with personal information audits to map what personal information is processed by the business. Determine who is responsible for the collection, processing, storing, managing or destruction of personal information.
  • Analyse what personal information is processed and how: Use a broad definition of record types as per POPIA (e.g. CCTV, biometric). Look at the various aspects required by POPIA (including consent, purpose, source, sharing and destruction). Also consider user rights and their management, and think broadly about the types of devices on which data is stored, since each of these represents a risk of security compromise.
  • Implement POPI Act compliance policies: The best way to go about this is to draft a privacy policy that is applicable to your organisation. In doing so, ensure your policies are reasonable and appropriate, and make sure they are enforceable.


“Organisations should have practical compliance measures and employ understandable language in their privacy notices. This will help to ensure compliance, avoid penalties, reputational damage and putting their clients at risk,” concludes Maherry.

