top of page
  • Writer's pictureThe Kaplan Team

Your business and POPIA: 1 JULY IS NEAR

Advocate Tlakula, chairperson of the Information Regulator, confirmed that the one-year grace period given to South African organisations to comply with the Protection of Personal Information Act (POPIA) will not be extended. This means businesses must be compliant by 1 July 2021.

As a business owner you are likely to have been inundated by fear inducing media reports confirming that businesses that are not compliant by the due date, regardless of whether it is intentional or accidental, will face severe penalties. The Act indeed makes provision for fines of up to R10 million and a jail sentence of up to 10 years, depending on the seriousness of the breach; but POPIA’s aim is not to punish but rather to establish good business governance principles with regards to the personal information that businesses deal with.

So, when planning your business’ compliance journey, keep the NIKE strapline in mind: Just Do It. This is best achieved by knowledge and understanding of the requirements of POPIA, rather than fuelled by threats of financial penalties and reputational damage.

POPI in the simplest terms sets out ways in which businesses must deal with the personal information that they hold. This includes personal details of their employees, as well as the personal details of their customers, clients and service providers, whether the customers and clients are individuals or other businesses/entities.

No matter the size of your business operation, you will hold (i.e., record) details of your customers, employees and third parties that provide services to you, online or on paper. As such you should now commence steps to make sure the information is safeguarded as required by POPIA in order to ensure that you are compliant when the Act becomes enforceable in July 2021. The following upcoming publications will elaborate on this aspect in detail:

  1. Complying with POPIA is a requirement for most businesses, no matter their size: how?

  2. Step up IT security to comply with POPI;

  3. Ensuring compliance with POPIA is not an IT responsibility;

  4. Debunking the one-size-fits-all approach to complying with POPIA;

  5. Complying with POPIA is more than just red tape.

Sign up here to receive our upcoming newsletters or contact our professionals on for more information or assistance.

121 views0 comments

Recent Posts

See All



This article is not intended to constitute legal advice and is produced for information purposes only and to provide a general understanding of the legal position relating to the topic. It is recommended that advice relating to the specific circumstances of your situation be sought from our attorneys before acting upon the content of this article. This article was written at a particular point in time and accordingly may not always reflect the most recent legal developments, if any, applicable to the relevant topic. Kaplan Blumberg and its partners and/or employees, are not responsible for any consequences which may follow upon any decision taken to act upon the information provided in this article.

bottom of page