The Protection of Personal Information Act requires every public and private body to comply with the 8 principles that prescribe the minimum requirements for the processing of personal information in South Africa. Public and private organizations should be mindful of the rights and duties of persons to protect their personal information from processing that is not in accordance with the Protection of Personal Information Act.

The POPIA Act applies to everyone in South Africa who processes the personal information of any South African citizen or organization to protect personal data. This act went into effect on July 1, 2020, and all South African organizations are required to comply before the deadline on June 30th, 2021.

Organisations need to understand the requirements of the POPI Act and its 8 conditions, and how these will impact processes, policies, training, technology and security around the data they gather and process. Compliance and IT teams must be proactive to ensure they will be compliant and should consider some fundamental steps.