The implications of POPI Act for businesses

The Protection of Personal Information (POPI) Act is in place to prioritize the protection of individuals' right to privacy. It encompasses the right of data subjects to be safeguarded against any illegal gathering, storage, sharing, and utilization of their personal information.

In order to collect, retain, and process personal information for communication or any other purpose, companies must first obtain consent from individuals. According to the "Conditions for lawful processing," the term "Personal Information" encompasses contact details, demographic information, personal history, and communication records.

The POPI Act emphasizes the importance of having a thorough understanding of how personal information is stored and processed. It is important to consider the systems, processes, and methods used to maintain and manage logical and physical access for the systems and areas that store personal information.

Ensuring the protection of personal information necessitates heightened vigilance in both physical and information security measures. The main purpose of the POPI Act is to protect personal information and prevent its unauthorized disclosure. Consequently, this implies a responsibility to safeguard personal and corporate information from potential damage such as financial fraud, identity theft, and the misuse or abuse of personal data.

The POPI Act mandates the establishment of streamlined processes and systems to effectively identify the storage locations of personal information. It also requires a clear understanding of how this information is processed both physically and electronically, as well as who has access to it and the purpose for which it is needed.

To fully understand the content of this article, it is important to read it alongside the POPI Act. You can download the POPI Act by clicking here.

Privacy Policy

Data Protection Policy
Prepared by the Duly Appointed Information Officer ("IO") with Registration Number: 0017204/2023-2024-IRRT/PR


The purpose of this privacy and data protection policy, also known as the DP Policy, is  to establish guidelines for our compliance with the requirements of the Protection of Personal Information Act (POPIA) when handling your personal information (PI). The term "processing" of personal information (PI) refers to the definition provided in the Protection of Personal Information Act (POPIA). It encompasses any activity involving the handling of PI, starting from its collection to its eventual disposal. By accessing our website and utilizing any of our services, you are consenting to the processing of your personal information as outlined in this Data Protection Policy.

1. Processing of PI

1.1. We may process your personal information (PI) depending on the type of business we conduct with you or the relationship you have with us. We are committed to adhering to POPIA at all times and handling your personal information in a lawful and reasonable manner, ensuring that your privacy is not unnecessarily violated.
1.2. We commit to using your personal information (PI) only for the specific purpose it was collected, which is to support our business operations and activities as agreed upon in any relevant contracts.
1.3. We will always ensure that we obtain your voluntary, specific, and informed consent, as defined in POPIA ("Consent"), whenever it is necessary to process your personal information (PI).
1.4. If we do not explicitly ask for your Consent, we may process your Personal Information (PI) based on another valid reason, such as fulfilling a legal obligation, protecting a legitimate interest that requires protection, or for permitted reasons only.
1.5. We will cease processing your personal information promptly if you withdraw your consent or if you raise a valid objection to the processing.
1.6. We will collect your personal information (PI) directly from you, except in the following cases: - If the PI is already publicly available. - If you have given consent for us to collect your PI from one of our affiliated organizations. - If the collection of PI is necessary for maintaining law and order or national security. - If the collection of PI is required to comply with a legal obligation, including obligations to SARS (South African Revenue Service). - If the PI collected is necessary for conducting proceedings in a court or tribunal that have already started or are reasonably expected to start. - If the collection of PI is required to maintain legitimate interests in digital analytics.
1.7. By accessing our website and utilising any of our services, you are consenting to the processing of your personal information as outlined in this DP Policy.
1.8. We will keep records of your personal information that we have collected for the minimum period required by law, unless you have given your consent or instructed us to keep the records for a longer period.
1.9. We will destroy or delete your PI in order to de-identify it once the time period for which we are allowed to retain the records has ended or if you withdraw your consent.
1.10. We are committed to collecting and processing your PI in a manner that ensures it is complete, accurate, not misleading, and up to date.
1.11. We promise to handle your bank account details with utmost care and will not access, share, or request the disclosure of this information unless we have your explicit consent or are legally required to do so.

2. The Importance of Your Rights

2.1. You have the right to withdraw your consent to process your PI.
2.2. You have the right to file a complaint with the Information Regulator ("IR") if you are not satisfied with how we have applied the Protection of Personal Information Act ("POPIA") to your PI.
2.3 The prescribed forms for exercising these rights are attached to the 2018 regulations that were passed in accordance with POPIA ("Regulations"). You can also obtain these forms from our duly appointed Information Officer ("IO").

3. Access to PI records

3.1. Upon providing proof of your identity, you have the right to request that we verify, at no cost to you, whether or not we possess any PI pertaining to you in our records.
3.2. If we do possess any PI, we will provide you with the record or a description of the PI upon request. However, please note that a fee of ZAR451 will be required. This information will include details about the identity of any third parties or categories of third parties who have had access to the PI. We will complete this task in a timely manner, ensuring that it is done in a reasonable and comprehensible way. 

4. Rectification of PI

4.1. You have the right to request that we correct or delete your PI if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained illegally.
4.2. You may also request that we destroy or delete records containing your PI that we are no longer permitted to keep. Such requests must be made on the prescribed form (Form 2 of the Regulations), which is available from our IO.
4.3. Upon receiving a lawful request of this nature, we will comply as soon as is reasonably possible.
4.4. We will notify you of the action we have taken in response to your request. 

PAI Act Manual

Our PAIA Manual is prepared in accordance with Section 51 of the Promotion of Access to Information Act 2 of 2000 (as amended). It was compiled in 2023 and will be renewed as needed. If you need any assistance, please feel free contact our IO at info@giadvisory.org.  See relevant forms below: 


digitalAnalytics is a business intelligence unit within Geopolitical Intelligence (Pty) Ltd. We support business leaders in making strategic decisions that boost growth. As professionals, we act with integrity to provide innovative and relevant solutions to small and medium-sized businesses. 

© 2024 digitalAnalytics All Rights Reserved 

Get in touch

  • digital@giadvisory.org
    +27 (0) 12 004 2023

  • WhatsApp

Our Newsletter

Subscribe to our newsletter to get our news & deals delivered to your inbox!