Compliance

PoPI Act Compliance & Certification

What does PoPI Act Compliance mean?

Any entity that processes any Personal Information has to achieve PoPI Act Compliance. 

You need to have a plan in place to ensure the safety of all the Personal Information that you process and measures to ensure that you are allowed to process the Personal Information.

Failure to comply can lead to fines and/or prison.

How do I achieve PoPI Act Compliance?
  • Our Compliance Certification Portal will help you manage your whole PoPI Act Compliance journey.
  • It will guide you through what you need to do to become compliant.
  • It will also generate the documentation, declarations, policies, forms and registers you will need.
  • It will keep you up to date as the Law and/or Regulations change, and as you progress with your own compliance journey.
  • The portal will take you through 25 Sections of the PoPI Act, asking simplified questions relevant to your entity to determine your compliance status, building customised documentation for your entity, and giving you a plan of things to work on to become PoPI Act Compliant where necessary.
Your access to our services is subject to your acceptance, without modification, of all of the terms and conditions contained herein and all other operating rules and policies published and that may be published from time to time by us.

Please read the Agreement carefully before accessing or using our Services. By accessing or using any part of our Services, you agree to be bound by these Terms. If you do not agree to any part of the terms of the Agreement, then you may not access or use our Services. https://popia.org/terms-of-use/
What are the Main Pillars of Compliance?
  • An Information Officer needs to be assigned and registered with the regulator
  • A Framework needs to be developed around how you process Personal Information
  • Your Data Subjects need to give you consent to process their Personal Information and be aware of how you plan on using their Personal Information.
  • You must not misuse your Data Subjects' Personal Information, and you must safeguard it to ensure that third parties cannot misuse it either.
The 8 Protection Principles of Lawful Processing:
  • Accountability > Section 4
    The Responsible Party needs to ensure that the conditions imposed by the Government have been properly complied with.
  • Processing Limitation > Sections 4, 5, 6
    Personal Information must be processed for the purpose for which it was obtained.
  • Purpose Specification > Section 7
    Information is only collected, used and stored for carefully defined purposes and time.
  • Further Processing Limitation > Section 9
    Personal Information can only be reused if this usage aligns with the original purpose of collection.
  • Information Quality > Section 10
    Personal Information usage must be guided by ‘quality over quantity’ and therefore a Responsible Party needs to ensure that the Information it manages is complete, accurate, not misleading in nature and updated wherever necessary.
  • Documentation > Section 11
    The Responsible Party should be fully compliant with The Promotion of Access to Information Act (2002), and ensure that no Information is collected unless the data subject fully understands and appreciates the implications of sharing their Information.
  • Security Safeguards > Sections 13, 14, 15, 16
    The Responsible Party needs to ensure all Personal Information is securely and safely stored and processed.
  • Data Subject Participation > Sections 17, 18, 19, 20
    The Responsible Party should have measures in place to answer any questions about, or update, any data subject's Personal Information.

Information Regulator
