0861 IRON MTN (0861 476 668)

PoPI Act Information Management Best Practices for Startups

All organisations including Startups should implement PoPI Act Best Practices.

The PoPI Act, or to give it its full name, Protection of Personal Information Act, is new legislation dealing with how organisations handle peoples personal information.


What is the Protection of Personal Information Act or PoPI Act?

While many companies may be groaning about yet another piece of legislation that will place additional burdens on them, the PoPI Act remains a fairly positive document.

The PoPI Act deals with the collecting, processing, storage, sharing and maintenance of personal records by South African organisations both public and private.

It aims to bring personal information back under the control of the individuals whose information it is and create accountability where organisations misuse such information

For more information read: ‘Protection of Personal Information Act – A Beginners Guide Part 1


Why does your Startup need to be PoPI Act Compliant?

When it comes to your business there are a number of reasons to be complaint with the PoPI Act.

On one hand there are penalties for non-compliance. On the other hand there are benefits for compliance.

The PoPI Act brings into being an Information Regulator, a watchdog of sorts who will hear complaints about misuse of personal information. The Information Regulator will be a very toothy watchdog indeed and organisations who fail to comply fill face penalties with a serious bite.

The sooner your Startup gets its compliance right the better. In fact it will probably be easier for you to get it right than companies that have been around for a while as you get to start with the proper procedures before bad habits have set in.

It is interesting to note that while no-compliance can hurt you, compliance can be quite beneficial.

A few of the benefits include:

  • Improved quality of information as your collecting and processing procedures become standardised.
  • Opportunities to increase trust with your customers through the acknowledgement of their rights and transparency in how you handle their information.

For more information about why your Startup should become PoPI Act compliant, read: ‘ Protection of Personal Information Act – A Beginners Guide Part 2


What do you need to do to become Compliant?

The next thing you need to know as a Startup is how to become compliant with the Protection of personal Information Act.

Probably the best thing to do is to read the PoPI Act. Click here to read it.

While the Act is fairly long, it is not incredibly complicated. The most important part of the Act you will need to know are the Eight Conditions which deal with the processing of personal information.

Additionally, you will need to look at your current information management processes and take a good look at what personal information you actually need and how you go about collecting it.

You will also need to make sure you are able to adequately communicate to your customers, suppliers, employees and potential customers the manner in which you go about processing their info.

For more details about how to become PoPI Act compliant, read: ‘Protection of Personal Information Act – A Beginners Guide Part 3


When it comes to managing your record and documents, including personal information gathered by your organisation, Iron Mountain are the Specialists.

Contact us today to discuss how we can help you improve your records management and PoPI Act compliance.


Get Iron Mountain SA News & Blog Notifications

Document Imaging & Scanning from Iron Mountain South Africa

We keep your data private and share your data only with third parties that make this service possible. Read our Privacy Policy.