POPI ACT – South Africa’s Protection of Personal Information Act

July 1, 2021
POPI Act

POPI Act in South Africa – As of the 1st of July 2021, all South African companies need to be POPIA compliant. The operative provisions of the Protection of Personal Information Act (POPIA) came into effect as of 1 July 2020, with a grace period of a year in which companies must ensure that they are actively compliant.

If your company is not yet POPIA compliant please see the checklist below of how you can ensure your website is POPIA compliant within South Africa.

Please note that the checklist below should in no way to be construed as a substitute for seeking legal advice to ensure that your business is fully compliant with the requirements of POPIA. The list below is a general checklist that you can use as a useful guide to help you on your way:

  1. First off, here is a general checklist from BusinessTech.co.za of everything you need to know about POPIA within South Africa.
  2. Put simply, this POPI Act is concerned with protecting the personal information of others. So when considering your own business website, you need to ensure you have a decent and professional Privacy Policy presented on your website. This way, users are able to be confident that their personal information is safe and secure when doing business with your company. See our client DAC Systems for an exemplary privacy policy.
  3. All information about a user can only be taken or used with the user’s consent. For example, if a user fills out a contact form and then gets added to a mailer without their consent you are violating the POPI Act. The user needs to be asked, ‘Would you like to be added to our Newsletter?’ If they choose to say yes, then it is by consent that you can now send them regular business newsletters.
  4. When you receive a user’s personal information, even after they have granted you consent of their personal information, this by no means allows you to sell or share their information with any other individuals or businesses. Sharing others’ information is a violation of the POPI Act, as they have only given you consent to use their information in your personal capacity.
  5. All users have the right to extract their information from you at any time, even without notice. You could use an ‘unsubscribe to newsletter’ type function for this regarding newsletters, and if a client emails you directly to delete all their information, you must do so immediately and without argument.
  6. If you are looking to get information out of a user, using a website form for example, the user needs to know exactly what their information is going to be used for. This is why your terms on your website is of utmost importance. You should provide a detailed description of how their information will or will not be used. In addition to this, you should inform them that they have the right to extract their consent at any time.
  7. Most websites use cookies to pick up certain information from a user when they visit a website. These cookies are used for websites to re-market those users, extract data from users for analytical purposes and so on. This is normally done without a user even knowing about it, which is a violation of the POPI Act. Yes, cookies are an essential part of all websites nowadays, but the user still has the right to know what is happening when they hit your website. This is where we can help you, read more about this below.

We have partnered with a company, that has a tool that picks up all of your website’s cookies and all of your websites cookies information automatically within a popup on the bottom of your website, so your users can read exactly what your website is doing with their information. The user can decline or accept the cookie, or choose what cookies they are willing to accept. The user can even change their consent if they change their mind. Then we setup a Cookies consent page that all users may view at any time, defining in detail what all the cookies entail etc. as well as a way to change their consent to use cookies on your website.

Please view more about this by following this link: https://www.cookiebot.com/en/popia/

If you would like us to set this up for you and get your website fully compliant with Cookies, follow this link to apply: https://manage.cookiebot.com/goto/signup?rid=E7ELL (After following this link you will find an example of the consent popup at the bottom of the page.)