POPI Act - implications for various business areas

02 July 2020 Cliffe Dekker Hofmeyr

The long-awaited Protection of Personal Information Act 4 of 2013 comes into force on Wednesday 1 July 2020, and companies will have a period of one year to get their ducks in a row or risk substantial fines and even imprisonment.

From employee data, to direct marketing, e-commerce and the implications for the real estate industry – the impacts of the Act are far reaching. While it is incredibly detailed, the Act also still requires a vast amount of clarity in many areas.

Experts from commercial law firm, Cliffe Dekker Hofmeyr have compiled a detailed handbook from various practice areas explaining how the Act impacts businesses in various ways.

Highlights include:

  •  What is personal information? 4 key areas of personal information collection that businesses need to be aware of (page 3)
    o Market research via direct marketing
    o Online data collection
    o Employment agreements
    o Service level agreements
  •  POPI and its increased liability for employers 

As an employer, you may be held liable for the actions of your employees, regardless of whether you intended the outcome or not. What can you do to avoid this?

  •  Grey areas – What is meant by “further processing” and the defense of “legitimate interest”? And what does this mean for your business?
  •  Five legal tips for direct marketing
    When last did you get a call or auto-voice SMS trying to sell you something you don’t need? Internationally, direct marketing related personal information data breaches are attracting heavy fines by regulators, British
    Airways, Facebook and Yahoo already having attracted fines in the region of US$500,000. POPI now regulates direct marketing strictly and companies better ensure that they are compliant - whether it’s direct marketing by post, telephone, email or SMS.
  •  Has the role of the Information Officer changed? CEOs take heed
    Previously, the role of the Information Officer was governed by the provisions of the Promotion of Access to Information Act 2 of 2000 (PAIA).Under PAIA, the Information Officer was the individual tasked with ensuring
    compliance with its provisions – and this responsibility is automatically assigned to the head of an organisation (be it the chief executive officer or otherwise). Under POPI, this responsibilities for this person expand.

What about the real estate industry? Lease agreements, sales of property, FICA compliance affidavits, bond approvals, mortgage bonds, notarial bonds, ante nuptial contracts and deeds of transfer. The real estate sector is personal information heavy. Here is what role players need to know.

  •  POPI FAQs
    o Data breach – now what? Understand the POPI requirements for companies should a data breach occur
    o My business operates in other jurisdictions such as the European Union. If the business complies with legislation such as the European Union’s General Data Protection Regulation (GDPR), does this automatically mean that it will be POPI compliant?
    o What constitutes a POPI policy?

Click here to download the full guide.

Quick Polls


Many legacy RAs allow an insurer to take up to 30% of the accumulated capital upon early exit. “This is just one of countless examples of shocking product design that is 100% engineered by insurers to extract punitive fees from clients...".


fanews magazine
FAnews June 2020 Get the latest issue of FAnews

This month's headlines

The crisis is not over
Ethics of lockdown - What value is attached to a human life?
Pandemic redefines the commercial and legal risk landscape
New partnerships needed to create an epidemic and pandemic risk programme
Credible statistics create much needed certainty
SA fixed income: Searching for value in a sea of pandemic risk
Subscribe now