Deepening Democracy through Access to Information
Home / Press Office / SchoemanLaw Inc RSS ← Back

Email this article

separate emails by commas, maximum limit of 4 addresses

Verification Image. Please refresh the page if you cannot see this image.

Sponsored by


Article Enquiry

POPIA – what does it mean for you and your business?

Verification Image. Please refresh the page if you cannot see this image.

Embed Video

POPIA – what does it mean for you and your business?

5th June 2018


Font size: -+

The Protection of Personal Information Act 4 of 2013 (“POPIA” or the “Act”) regulates the right of privacy in a specific context of data protection. It does not cover other aspects of privacy, like the privacy of communications.

The purpose of the Act is to:


“… give effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justifiable limitations that are aimed at—



(i) balancing the right to privacy against other rights, particularly the right of access to information;

(ii) protecting important interests, including the free flow of information within the Republic and across international borders;

(b) regulate the manner in which personal information may be processed, by establishing principles, in harmony with international standards, that prescribe the minimum threshold requirements for lawful processing of personal information;

(c) provide persons with rights and remedies to protect their personal information from processing that is not in accordance with this Act; and

(d) establish voluntary and compulsory measures, including an Information Protection Regulator, to ensure respect for and to promote, enforce and fulfil the rights protected by this Act…”

Thus, POPIA sets conditions for how one can process the private information of persons that is in their possession. 

Personal information is defined in the Act as:

“…means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—

(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

(b) information relating to the education or the medical, financial, criminal or employment history of the person;

(c) any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment to the person;

(d) the blood type or any other biometric information of the person;

(e) the personal opinions, views or preferences of the person;

(f)  correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

(g) the views or opinions of another individual about the person; and

(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;….”

POPIA requires responsible parties to be open about their processing and allow the data subject to participate in how their personal information gets processed.

Consumers have various remedies, like complaining to the Information Regulator and suing for damages in a civil action. In order for the latter, damages will depend on a case by case basis.

Over and above your and your business’s obligations, Consumers should:

  • Only give personal information to companies they trust;
  • Put their name on the “Do Not Contact” register (in terms of the CPA);
  • Read Privacy Policies;
  • Ask organisations to tell them what personal information they have and ask for it to be deleted;
  • Unsubscribe from newsletters;
  • Complain to the organisation itself first;

In terms of the Consumer Protection Act 68 of 2008 (the “CPA”) as amended anyone can currently email marketing on an opt-out basis. In terms of POPIA, email marketing can only occur on an opt-in basis.

What could happen to you or your business if you do not comply?

  • Suffer reputational damage;
  • Pay out millions in damages to a civil action; and
  • Be fined up to R10 million or face 10 years in jail.


We recommend that businesses revise their policies and ensure that they align all facets of their businesses. Contact SchoemanLaw today.

Submitted by Schoeman Law



To subscribe email or click here
To advertise email or click here

Comment Guidelines

About is a product of Creamer Media.

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more


We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store


Advertising on is an effective way to build and consolidate a company's profile among clients and prospective clients. Email

View options
Free daily email newsletter Register Now
Register Close