0861 IRON MTN (0861 476 668)

What You Need to Know About the POPI Act Right Now!

What You Need to Know About the POPI Act Right Now!

POPI Act is the Protection of Personal Information Act of South Africa, also known as the POPIA. The POPI Act aims to regulate how personal information is processed. The bill broadly defines personal information as anything relating to an “identifiable, living natural person or juristic person” (companies, CC’s etc). This includes contact details, demographic information, history (such as employment, financial, criminal or medical history), biometric information, opinions of and about a person as well private correspondence.

Processing is defined as anything done with the personal information, including collection, usage, storage, dissemination, modification or destruction (whether this is automated or not).

To find out more about the POPI Act, download Iron Mountain’s POPIA Quick Reference Guide.


POPI affects companies
POPI will affect every single business operating in South Africa and companies will have just one year to comply with the law. The bill could force companies to drastically rethink how they handle employee and customer data as POPI will strengthen South Africans’ right to privacy by introducing strict measures to regulate the collection, storage and distribution of personal information.

While everyone has heard of POPI, not enough people have realised the direct implications the bill has on their companies. If you have or store data on persons there is a degree that one needs to comply.

Some of the obligations that companies have under POPI are to:

  • Only collect information that you need for a specific purpose
  • Apply reasonable security measures to protect it
  • Ensure it is relevant and up-to-date
  • Only hold as much as you need, and only for as long as you need it
  • Allow the subject of the information to see it upon request

Pros to POPI

Because POPI promotes transparency around information collected and how it’s handled, this openness is likely to increase customer confidence in the organisation.

Compliance involves capturing the minimum required data, ensuring accuracy, and removing data that is no longer required. This seemingly simple requirement could spell massive restructuring, new systems and upgrades for some industries and will require ongoing management of data storage and protection. The plus side is these measures are likely to improve the overall reliability of organisation databases.

Compliance demands identifying personal information and taking reasonable measures to protect the data. If data is well protected it will most certainly reduce the risk of data breaches and the associated public relations and legal ramifications for an organisation.

Risk of non-compliance
The POPI Act allows for a R10 million penalty and/or a jail sentence to be handed down, should an entity be in breach of the legislation. In certain cases, the penalty for non-compliance could be a fine and/or imprisonment of up to 10 years.

While regulators in this country may lack the capacity to respond quickly to non-compliance, increasingly, your primary compliance risks are the people who are directly affected by your decisions. In short, if the law doesn’t find you out, the next time you have a security breach, your customers will!

To find out more about POPI, download Iron Mountain’s POPIA Quick Reference Guide.


Get POPIA complaint
POPI compliance is a complex undertaking that will take time and money. Iron Mountain’s advice for companies is to enlist the service of a professional backup storage provider that will assist with implementing correct compliance requirements.

Iron Mountain, for example, is a trusted global leader in information and records management and many of South Africa’s largest companies trust us with their data. Or facilities and building access protocols and general security conform to the highest standards worldwide.

Using a fully compliant backup storage provider can provide peace of mind to a company knowing the basic obligations of POPI and other related legislation such as Companies Act, the Electronic Communications and Transactions Act, and the Consumer Protection Act are met.

The team at Iron Mountain are committed to providing a leading full-service storage solution that utilises a rock-solid, state-of-the-art storage infrastructure and strong footprint all across the country to transport, store and protect physical data. Partnering with a backup storage provider like Iron Mountain ensures that the best people in the market take care of your most valuable asset – your data.

Head out the cloud
If you want to prevent a security breach of personal information, don’t make the data available on a live platform to be hacked. There is no reason to store thousands of records on your customers, rather maintain a slim database and store the bulk off-site and offline.

The risk of a data breach now outweighs the convenience of having that data readily available. The most trusted and still safest way to store data is on hard media, stored off-site at a secure, climate controlled facility.

It’s also important to conduct regular security audits and make sure you are not left exposed to getting hacked. Human error still needs to be accounted for and employees should be educated on the laws and policies that affect customer data and be trained on the actions required to keep it safe.

To find out more about POPI, download Iron Mountain’s POPIA Quick Reference Guide.


If you would like to know more about POPI and how to ensure your compliance, contact Iron Mountain now.


Get Iron Mountain SA News & Blog Notifications

Document Imaging & Scanning from Iron Mountain South Africa

We keep your data private and share your data only with third parties that make this service possible. Read our Privacy Policy.