POPI and your business

“I have a small insurance brokerage firm with a number of private clients. To service my clients I have to obtain and keep personal information of them on file. Is POPI going to affect me and will I have to change the way I am currently dealing with my client information?”

The promulgation and phased implementation of the Protection of Personal Information Act 4 of 2013 (POPI), has many businesses wondering, as in your case, whether its commencement will affect the manner in which their business collects and stores the information of clients. This concern is well founded as POPI makes it clear that a failure to comply with it when fully operational, could result in hefty administration fines as well as reputational risk due to non-compliance.

POPI has its roots in the Constitution and aims to promote the protection of the right to privacy with regard to the processing of personal information, and to balance this right against other rights, such as the right of access to information. This includes the collection of personal information and the manner in which such information is used, processed and stored.

POPI applies to the processing of personal information by or on behalf of a responsible party by automated or non-automated means. A “responsible party” is widely defined as “a public or private body or any other person who determines the purpose of and means for processing personal information”. POPI goes even further by also including persons, termed “operators”, who process information on behalf of a responsible party in terms of a contract or mandate. As a consequence, POPI therefore demands that, not only the responsible party, but also the operator which it mandates, must ensure that any personal information acquired is adequately secured and that there are strict measures that meet the requirements of POPI in place for the processing thereof. 

From the broad definition of a responsible party as well as personal information, it is clear that your business will most likely be subject to POPI and you would need to ensure that how you deal with such personal information, is POPI compliant. Fortunately, all of the provisions of POPI are not yet operational, and once they become operational, businesses will be granted a twelve month grace period to address their compliance. But time flies quickly, and it would be advisable to use the available time wisely and not delay in obtaining help to conduct an audit of your business and establish whether you are POPI compliant or not, then determine what steps you can take to address any compliance issues and ensure that your reputation remains sound with clients by being fully compliant.

November 9, 2015
Fee or tax? The court decides

Fee or tax? The court decides

With effect from 1 July 2025, the City of Cape Town introduced three new charges on residential rate bills. These charges were challenged by the South African Property Owners’ Association (SAPOA) and AfriForum, who argued that they were unlawful and improperly calculated. The dispute culminated in court applications seeking declaratory orders that the charges were invalid because they were inconsistent with the Constitution, national legislation, and the City’s own By-Laws.

Pay first… maybe not

Pay first… maybe not

For decades, the South African Revenue Service (“SARS”) has relied on the “pay now, argue later” rule as a cornerstone of tax administration. This principle permits SARS to collect disputed taxes before the underlying dispute has been resolved, often placing significant financial strain on taxpayers. While the rule serves an important fiscal purpose, it also raises critical questions regarding fairness, proportionality, and the limits of administrative discretion.

Sign up to our newsletter

Pin It on Pinterest