POPI Act South Africa

POPI – Protection of Personal Information Strategies

POPI Act - Protection of Personal Information Strategies

Compliance to the Personal Information Act (POPI Act) is possible and it can be done in a way that makes immediate business sense. You already know that POPIA is all about protecting other people’s personal information.

In short, if Companies process personal information, the Company is obliged to obtain detailed written consent and instruction on how they may have obtained the information, how the Company handles the information and how and when the Company will destroy the information.

From a business perspective, your clients will ask you for confirmation of POPIA compliance before they pay you – somewhat like clients asking for your BEE certificate. Our advice to you, is to comply to POPIA to avoid penalties and to secure more business.

Here is what you need:

  1. A cost-effective automated online system
  2. And the helping hand of Team Kyra


Cost-Effective System:

  1. A cost-effective system, at its core, is a functional online system that helps you manage your POPIA compliance. It is not an online portal that requires you to populate data fields to create MS Word files.
  2. The aim of a system is to:
  3. Provide the Information Officer of a Company with a structured environment in which the system functionally executes the instructions of the Information Officer.
  4. Moreover, to reduce the number of skilled individuals and their man-hours to around 10% of what it should have been without the system.

If we assume that the POPIA system does everything such a system can do, Team Kyra is your helping hand – the hand that steers your POPIA Willys Jeep clear of the paper-pulp-quicksand that sucks the Company dry of revenue-generating man-hours.

The Helping Hand

  1. Team Kyra helps you to start up the online POPIA management system and will show you how best to manage the system to save you as many hours as possible;
  2. And, like any system, a relatively small manual part of the implementation remains and the object of Team Kyra’s effort will be to reduce that manual part to around 10% of what it would have been.
  3. In our experience, a full POPIA implementation takes around two days per month for four months – these numbers may be less depending on the available internal human resources.


Legal Aim of POPIA

Understand this, that if a criminal sanction is applicable in the world of compliance, there is a reverse legal onus of proof on the Information Officer of the Company to prove compliance to the law  and to prove it beyond reasonable doubt. In other words, the Information Officer and therefor the Company is guilty until proven innocent. The onus of proof can only be met by documented proof of systems, processes and participating individuals. If your Company processes just a scrap of personal information the entire law is applicable to the Company.