By Use Case
By Industry
By Department
The Protection of Personal Information Act, referred to as POPI or PoPIA, is South Africa’s equivalent of the EU’s General Data Protection Regulation (GDPR). POPI applies to processing of personal data for both South African citizens and those living in South Africa.
Keeping up with global privacy and information processing standards, POPI regulates the protection of personal information. The purpose of POPI is to comply with South Africa’s constitutional right to privacy. The right to privacy includes the right to protection against the unlawful collection, retention, dissemination and use of personal information.
POPI governs the processing of personal information by South Africans and by international organizations that operate in South Africa. POPI requires government entities, private companies and nonprofits to consider the relationship between further data use and its original purpose, the nature of the information, potential consequences of further use, how the organization collected the data and contractual rights. For most South African companies, the biggest change is the introduction of restrictions for processing special types of personal information (including children's data). Marketing, healthcare, and the financial industry are among the most affected because they deal with the highest volume of personal information.
Data can be processed without restrictions if:
Public and private organizations have until June 30, 2021 to comply with POPI.
