What is POPI?
The Protection of Personal Information Act, referred to as POPI or PoPIA, is South Africa’s equivalent of the EU’s General Data Protection Regulation (GDPR). POPI applies to processing of personal data for both South African citizens and those living in South Africa.
A brief history of POPI
Keeping up with global privacy and information processing standards, POPI regulates the protection of personal information. The purpose of POPI is to comply with South Africa’s constitutional right to privacy. The right to privacy includes the right to protection against the unlawful collection, retention, dissemination and use of personal information.
Who does POPI apply to?
POPI governs the processing of personal information by South Africans and by international organizations that operate in South Africa. POPI requires government entities, private companies and nonprofits to consider the relationship between further data use and its original purpose, the nature of the information, potential consequences of further use, how the organization collected the data and contractual rights. For most South African companies, the biggest change is the introduction of restrictions for processing special types of personal information (including children's data). Marketing, healthcare, and the financial industry are among the most affected because they deal with the highest volume of personal information.
Data can be processed without restrictions if:
- The data subject consents
- The information came from the public record
- The law requires further use of the data
- The information is related to national security
Public and private organizations have until June 30, 2021 to comply with POPI.