Close Menu
  • Homepage
  • News
  • Cloud & AI
  • ECommerce
  • Entertainment
  • Finance
  • Opinion
  • Podcast
  • Contact

Subscribe to Updates

Get the latest technology news from TechFinancials News about FinTech, Tech, Business, Telecoms and Connected Life.

What's Hot

The Strait of Hormuz is in trouble: How can office workers earn passive income through the MoneySimpler platform?

2026-07-16

Financial Affordability Assessments in Gambling: What it Means

2026-07-16

Vodacom, Wits Partner To Develop Africa’s Future Leaders

2026-07-16
Facebook X (Twitter) Instagram
Trending
  • The Strait of Hormuz is in trouble: How can office workers earn passive income through the MoneySimpler platform?
Facebook X (Twitter) Instagram YouTube LinkedIn WhatsApp RSS
TechFinancials
  • Homepage
  • News
  • Cloud & AI
  • ECommerce
  • Entertainment
  • Finance
  • Opinion
  • Podcast
  • Contact
TechFinancials
Home»Opinion»One Year Of POPIA: Have You Done Enough?
Opinion

One Year Of POPIA: Have You Done Enough?

ContributorBy Contributor2022-07-07No Comments4 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
PoPIA
Data protection: Image source: Celagenix
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

The first of July 2022 marks the one-year anniversary of the compliance deadline of the Protection of Personal Information Act No 4 of 2013 (“POPIA”) for all organisations. While the operational provisions of this Act became effective on 1 July 2020, a one-year grace period was granted to allow businesses to effect the necessary changes. This resulted in a compliance drive to bring various information practices in line.

Compliance with this Act requires ongoing vigilance. At this stage, it is imperative that organisations understand the implications of their personal information practices and put in place systems and measures to manage both their existing and ongoing obligations.

What has happened since POPIA came into effect? 

In order to address compliance with POPIA, your organisation has most likely had to:

  • Undertake exercises in training staff to comply with POPIA across all operations;
  • Conduct personal information impact assessments to address areas of non-compliance;
  • Address issues relating to the consent, transfer and sharing of personal information with third parties (i.e. suppliers, customers etc); and
  • Navigate the intricacies of dealing with incidents of data breaches.

Compliance with POPIA has in certain circumstances necessitated a fundamental shift in the manner in which businesses approach various aspects of their operations. With this shift has come various challenges in accommodating such a transition.

Examples include:

  • There has been a slow uptake in the registration of Information Officers;
  • Many organisations are yet to put in place or update their existing Promotion of Access to Information Manual (“PAIA Manual”) as required; and
  • There are still issues in the interpretation of certain provisions of POPIA which remain uncharted territory and must be navigated through the use of the appropriate processes and legal mechanisms.

Over the past year, developments in case law relating to Data Privacy have aided us in better understanding the compliance requirements set out in POPIA. However, this understanding must be accompanied by practical guidelines to assist organisations in the development and implementation of compliance programmes that take into account their specific needs and operational parameters.

How to ensure your compliance: 

To address any potential compliance gaps within your business, a number of fundamental steps should be considered and taken. These may include:

  • Conducting a gap analysis to determine your organisation’s readiness for POPIA;
  • Undertaking Data Mapping exercises to understand the type of information processed by your organisation and for what purpose, such information is processed;
  • Considering the relevant data transfer requirements and how they may affect your company’s commercial arrangements with third parties or the sharing of data between companies;
  • Updating the PAIA manual to accord with the relevant requirements set out in PAIA (as amended) and POPIA;
  • Developing a culture of privacy by:
  • Conducting an awareness campaign;
  • Training staff; and
  • Updating the relevant organisational policies.
  • Updating customer and supplier contracts to ensure they accord with the relevant requirements set out in POPIA;
  • Preparing the relevant consent and notification documentation;
  • Implementing a system for Data Subject access management; and
  • Preparing and/or updating a Data Breach Incident Response Plan.

The above-mentioned steps are useful in establishing certain best practices in your organisation’s POPIA compliance journey; however, ongoing obligations necessitate a constant review of your organisational processes to ensure that they do not fall short of the POPIA requirements over time.

How to educate yourself further 

In recognition of the one-year anniversary of POPIA, CMS will be publishing a series of articles to take stock of the relevant developments since the enactment of POPIA, which will broadly deal with:

  1. The Role of Employees in Data Protection Compliance Programmes;
  2. Understanding Personal Information Impact Assessments;
  3. The Management of Data Transfers;
  4. Notifications and disclosures of Processing Activities;
  5. Understanding the various types of Cyber Risk; and
  6. A broad account of Data Breaches.

Understanding the intricacies and implications of the requirements set out in POPIA will require your active engagement and consultation to test your operations against the prescripts of the Act. It is not sufficient to deal with your obligations on a theoretical basis alone, as the requirements relating to various organisations may differ on a case-by-case basis. Compliance with the present and ongoing obligations of POPIA must be accompanied by a practical process that allows your organisation to meaningfully measure compliance and address the deficiencies identified.

  • Zaakir Mohamed, Director: Head of Corporate Investigations and Forensics; Savanna Stephens, Senior Associate: Corporate and Commercial; and Mawande Ntontela, Associate: Corporate Investigations and Forensics, at CMS South Africa
POPIA POPIA Compliance Protection of Personal Information Act
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Contributor

Related Posts

From Innovation To Application: AI In The Business Of Property

2026-07-14

What We Can Learn From AI Skeptics

2026-07-14

If Your Wallet Only Works In One Shop, It Isn’t Really Money

2026-07-09

The Case For Grid Defection – Why South African Residential Estates Are Choosing Energy Independence

2026-07-08

Every Year We Lose 12,000 South Africans On Our Roads. We Already Have The Tech To Change That

2026-07-08

The Risk Of AI Tunnel Vision In IT Efficiency

2026-07-03

South Africa: AI And Cyber Insurance: A Market In Transition

2026-07-01

African Expansion Still Appeals To Banks. The Real Risk Is Thinking The Old Playbook Still Works

2026-06-29

Cash Is Still King: The SARB’s Cash Smart Strategy

2026-06-29
Leave A Reply Cancel Reply

DON'T MISS
Breaking News

Eskom Green Secures Final PFMA Approvals, Targets 32GW Utility-Scale Renewable Push By 2040

South Africa’s energy landscape enters a transformative new chapter this week as Eskom Holdings secures…

From Innovation To Application: AI In The Business Of Property

2026-07-14

SA FinTech Float Exports Card-Linked Instalment Innovation To The UK

2026-07-08

South African AI Coding Startup HyperDev Secures R16 Million Pre-Seed Funding Amid Explosive User Growth

2026-07-06
Stay In Touch
  • Facebook
  • Twitter
  • YouTube
  • LinkedIn
OUR PICKS

Amazon Leo Names Herotel, Maziv As Distributors In Starlink Battle

2026-07-15

Giant Data Centres Get The First Green Light From Cape Town Tribunal

2026-07-15

Eskom Launches Eskom Green, A Dedicated Renewable Energy Business

2026-06-09

Why South Africans Are No Longer Switching Mobile Phone Operators?

2026-06-01

Subscribe to Updates

Get the latest tech news from TechFinancials about telecoms, fintech and connected life.

About Us

TechFinancials delivers in-depth analysis of tech, digital revolution, fintech, e-commerce, digital banking and breaking tech news.

Facebook X (Twitter) Instagram YouTube LinkedIn WhatsApp Reddit RSS
Our Picks

The Strait of Hormuz is in trouble: How can office workers earn passive income through the MoneySimpler platform?

2026-07-16

Financial Affordability Assessments in Gambling: What it Means

2026-07-16

Vodacom, Wits Partner To Develop Africa’s Future Leaders

2026-07-16
Recent Posts
  • The Strait of Hormuz is in trouble: How can office workers earn passive income through the MoneySimpler platform?
  • Financial Affordability Assessments in Gambling: What it Means
  • Vodacom, Wits Partner To Develop Africa’s Future Leaders
  • Eskom Green Secures Final PFMA Approvals, Targets 32GW Utility-Scale Renewable Push By 2040
  • The Range Rover Sport Is Going Electric – Looks Almost Identical To Its Combustion-Engine Sibling
TechFinancials
RSS Facebook X (Twitter) LinkedIn YouTube WhatsApp
  • Homepage
  • Newsletter
  • Contact
  • Advertise
  • Privacy Policy
  • About
© 2026 TechFinancials. Designed by TFS Media. TechFinancials brings you trusted, around-the-clock news on African tech, crypto, and finance. Our goal is to keep you informed in this fast-moving digital world. Now, the serious part (please read this): Trading is Risky: Buying and selling things like cryptocurrencies and CFDs is very risky. Because of leverage, you can lose your money much faster than you might expect. We Are Not Advisors: We are a news website. We do not provide investment, legal, or financial advice. Our content is for information and education only. Do Your Own Research: Never rely on a single source. Always conduct your own research before making any financial decision. A link to another company is not our stamp of approval. You Are Responsible: Your investments are your own. You could lose some or all of your money. Past performance does not predict future results. In short: We report the news. You make the decisions, and you take the risks. Please be careful.

Type above and press Enter to search. Press Esc to cancel.

Ad Blocker Enabled!
Ad Blocker Enabled!
Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.