ARTICLES POPI - Archive 2020

Author:  Maryna Botha
17 November 2020


As a business owner, it is likely that you are receiving your fair share of invitations to utilise services of quick fix tools to facilitate and simplify your path to POPIA compliance. It ranges from online self-assessments to autogenerated policies. Whilst many such offerings have very valuable components, they are at the same time akin to aligning your future with the daisy’s answer to he-loves-me he-loves-me-not. It’s far too risky.

The answer to why this is so, is two-pronged: firstly, every business is unique and the collection, use and management of the personal information that it collects, often inadvertently, will differ from business to business. Secondly, POPIA requires that whatever the privacy protection measures that are put in place, must be relevant to that organisation’s day to day affairs.

Think of it in this way, from a POPIA point of view, gathering data for gym contract applicants, differs vastly from the data obtained from a client to sign up for a retail club card (such as a Clicks club card), which in turn is equally distinct from recording details of a student enrolling at a technikon. The collection of email addresses by a restaurant with the intention to use it for future promotions, by a managing agent for purposes of sending invoices to owners in schemes, or by a pharmacy for purposes of notification of repeat scripts, are other examples of processes that appear very similar, but which cannot be likened under POPIA.

Each business must therefore approach POPIA compliance with introspection into its own business footprint. Failing this, a one-size-fits-all approach risks missing the nuances that present. Working on POPIA compliance just for the sake of doing it, will probably be insufficient, frustrate your employees and management team, as well as waste precious time, resources and money on false starts. It is better to adopt a proper due diligence approach and appoint an attorney or consultant to assist with your compliance challenges from scratch.

The original article can be viewed here: