Frequently Asked Questions (FAQ) & Answers Section

FAQ > What does PoPIA mean?

The PoPI Act (PoPIA) stands for the Protection of Personal Information Act, Act No. 4 of 2013 or PoPI Act. This is the new law and is something that most (if not all companies) will need to follow. Source

FAQ > What is PoPIA in South Africa?

The Protection of Personal Information Act 4 of 2013 (PoPIA) is the comprehensive data protection legislation enacted in South Africa. PoPIA aims to give effect to the constitutional right to privacy, whilst balancing this against competing rights and interests, particularly the right of access to information. Source

FAQ > What is the PoPI Act 2021?

The PoPI Act is a new legislation that safeguards the integrity and sensitivity of private information. Organisations & Corporations are required to carefully manage the data capture and storage process of Personal Information within the lawful framework as set out in the PoPI Act.

The PoPI Act applies to everybody who processes any type of records that contain personal information of people. It therefore lays down the minimum standards for the protection of personal information. Processing comprises the collection, receipt, recording, organising, retrieval or use of such information. Source

FAQ > How do I comply to PoPIA?

A guideline to comply to PoPIA

FAQ > Who is exempt from PoPI?

Section 37 >The Regulator may, by notice in the Gazette, grant an exemption to a responsible party to process personal information, even if that Processing is in breach of a condition for the Processing of such information, or any measure that gives effect to such condition, if the Regulator is satisfied that, in the circumstances of the case—

FAQ > Do I need a PoPIA manual?

It is a criminal offence not to have an Access to Information manual if you are required to do so, and you could face some hefty fines if you do not comply. Currently, the Information Regulator is not issuing fines for non-compliance, but whether this will remain the case is unknown. Source

FAQ > Does PoPI apply to Facebook?

In so far as any pictures or video taken or views shared are disseminated on social media or any other platform in a personal capacity, PoPIA arguably does not apply. Source

FAQ > Do I need a Popia manual?

What is it anyway? The Promotion of Access to Information Act (PAIA) says that all public and private bodies in South Africa need to create a manual that contains, amongst other things: The postal and street address, phone and fax number and, if available, e-mail address of the head of the body. Source

FAQ > Who needs to comply with Popia?

The Act applies to any person or organisation who keeps any type of records relating to the personal information of anyone, unless those records are subject to other legislation which protects such information more stringently. It therefore sets the minimum standards for the protection of personal information. Source

FAQ > Is WhatsApp Popi compliant?

Although “purely personal” and “household” are not defined in the Act, we can take their ordinary meanings and apply them to the WhatsApp context. Where a WhatsApp group is created to facilitate family related or personal matters, as in between family, friends or acquaintances, then POPIA will not apply. Source

FAQ > Can you sue someone for exposing you on social media?

Can You Sue Someone for Defamation on Social Media? Yes, you can sue for social media defamation. However, while it may seem natural to want to sue the social media platform for defamation, your best option is to file a defamation lawsuit against the individual poster or commenter. Source

FAQ > What does the POPI Act say about WhatsApp?

The Protection of Personal Information Act (POPIA or POPI) came into effect on 1 July. The act affects how business WhatsApp groups function but has no impact on personal groups. The POPIA promotes the protection of personal information processed by public and private bodies. Source

FAQ > Does Popi apply to publicly available information?

However, there is an exception to this rule saying that you do not need to collect information directly from a person if the person has made the information publically available and accessible. This doesn’t mean that the rules of POPI won’t apply to the information once it’s been collected. Source

FAQ > Who is the PoPI regulator?

On the 7th September, the National Assembly voted in favour of Advocate Pansy Tlakula being appointed as the National Information Regulator. This enables the President to proclaim the Protection of Personal Information Act (POPI) effective and operational. Source

FAQ > Is cold calling allowed with Popia?

The good news for telemarketers and consumers (in some cases) is: Yes, cold calling is still allowed under POPIA! Of course, there are rules that regulate the practice under the Protection of Personal Information Act in addition to other legislation that was in place before POPIA was introduced. Source

FAQ > Who enforces the PoPI Act?

The Information Regulator

The Act was partially enacted in 11 April 2014. We are awaiting the commencement date of the other sections of the Act whereby the Information Regulator will start enforcing P
oPI one year after this commencement date. Source

FAQ > Does PoPIA apply to public information?

The Protection of Personal Information Act, 2013 (PoPIA Act) aims to promote the protection of personal information processed by public and private bodies by, among others, introducing certain conditions for the lawful processing of personal information so as to establish minimum requirements for the processing of such information.
The Information Regulator (South Africa) is, among others, empowered to monitor and enforce compliance by public and private bodies with the provisions of the P
oPIA Act. Source

FAQ > What are some of the penalties for failing to adhere with PoPIA?

The PoPI Act aims to protect South Africans’ right to privacy by regulating how personal information is processed by marketing companies and others. Failure to comply with the Act will result in a hefty fine of up to R10 million, or jail time. Source

FAQ > Do trusts have to comply with Popia?

All business and legal entities, whether owned by individuals, companies, partners, sole proprietors, close corporations, NGOs/PBOs, associations and business trusts, including dormant entities, are required to comply with POPIA. Source

FAQ > What is PoPIA compliance?

POPIA requires all companies, organisations, legal entities and websites, irrespective of their physical location, that processes the personal information of a South African to comply with the data processing law of obtaining the correct consent from their users or customers to use their information. Source

FAQ > What is PoPIA good for?

The mandate of South Africa’s Protection of Personal Information Act (POPIA, formerly known as PoPI) is to regulate the processing of personal information. With this Act, data breaches need to be reported by law. Source

FAQ > What is GDPR and PoPIA?

The GDPR defines a data processor as a ‘natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. ‘ The GDPR applies to data controllers and data processors who may be public bodies. PoPIA only protects living individuals. Source

FAQ > Does South Africa follow GDPR?

The GDPR is an EU regulation. It does not have general effect in South Africa and is not a local law in this country. Source

FAQ > Is PoPIA like GDPR?

PoPIA applies to the personal data of any individual—regardless of their nationality. So while the GDPR is only designed to protect EU citizens, the PoPIA covers anyone whose personal data is processed within South African territory or by a South African undertaking. Source

FAQ > Which countries does GDPR apply and which countries does PoPIA apply?

The GDPR applies to any data processing activities that are done by a controller (called a responsible party under PoPIA) in the EU. It also applies to all processing of personal data of data subjects residing in the EU even if the entity processing the data is not in the EU. Source

FAQ > What are the Popia requirements?

Data collection (type of data, purpose, consent, legal aspects, minimality, and transparency) Data access and accuracy (correct, complete, reliable and process of updating information) Data usage and restrictions (purpose, relevance, restrictions, legality, permission, limitations). Source

FAQ > Does Popia only apply to humans?

However, POPIA also includes in its definition of data subjects companies, organizations and other legal entities, while the GDPR strictly limits its definition to human individuals. Source

FAQ > What happens if you don’t comply with Popia?

For the more serious offences the maximum penalties are a R10 million fine or imprisonment for a period not exceeding 10 years or to both a fine and such imprisonment. Source

Frequently Asked Questions (FAQ) & Answers, including sources from Google search