Contact

POPI and the Employment Life Cycle: The CDH POPI Guide

Back to top

POPI and the Employment Life Cycle: The CDH POPI Guide

The Protection of Personal Information Act 4 of 2013 (POPI) came into force on 1 July 2020, save for a few provisions related to the amendment of laws and the functions of the Human Rights Commission. POPI places several obligations on employers in the management of personal and special personal information collected from employees, in an endeavour to balance the right of employers to conduct business with the rights of employees to privacy.

21 Sep 2020 2 min read Employment Alert Article

Responsible parties have been granted a grace period ending on 30 June 2021, to comply with the provisions of POPI. Non-compliance with POPI is a criminal offence attracting imprisonment not exceeding 10 years with or without a fine and/or an administrative fine not exceeding R10 million which may be imposed by the Information Regulator.

POPI applies to the ‘processing’ or ‘further processing’ of personal and special personal information of employees by an employer. The ‘processing’ of information relates to a comprehensive range of activities. It includes the initial obtaining or collection of personal information, the retention and use thereof, access and disclosure and finally the disposal of the data.

Although, POPI prohibits the processing of special personal information. An employer can process this information if, amongst others; it obtains express consent of the employee; it has a legal duty to do so; the information is available in the public domain or the information is being processed for historical; statistical or research purposes.

While POPI is not limited to employers and employees, there is no doubt that the employment relationship falls within its ambit. Our POPI guide contains a non-exhaustive list of the ways in which POPI applies to the employment life cycle as well as guidance notes on the various stages.

With the deadline for compliance with POPI fast approaching, employers need to, among others, appointment an information officer; conduct an assessment of their internal processes, provide their employees with POPI related training; adopt adequate controls to ensure the safety of personal information; and establish adequate policies and procedures to comply with the eight conditions for lawful processing of information, in order to be compliant on or before 30 June 2021. Our POPI guideline (available at the link below) will assist you in navigating this new terrain. The guideline answers general queries in relation to POPI in the employment environment. For more bespoke advice, please contact one of our practitioners.

 

The information and material published on this website is provided for general purposes only and does not constitute legal advice. We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter. We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages. Please refer to our full terms and conditions. Copyright © 2025 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com.

You might also be interested in

22 May 2024

by Sammy Ndolo and Brian Muchiri

Streamlining enforcement: Key insights into the Competition Authority of Kenya’s Consolidated Administrative Remedies and Settlement Guidelines, 2023

The Competition Authority of Kenya (CAK) has taken a significant step towards enhanced transparency and efficiency with the recent publication of the Consolidated Administrative Remedies and Settlement Guidelines, 2023 (Guidelines). This move underscores a commitment to streamlined enforcement processes and predictable outcomes for businesses operating in Kenya.

Competition Law

3 min read

31 Jul 2024

by Tayyibah Suliman and Izabella Gutlar-Balkovic

The aftermath of Crowdstrike: Re-evaluating the importance of severity classifications

The recent fault in a Crowdstrike update on 19 July 2024 resulted in one of the most widespread IT outages in recent history and has continued to dominate newsfeeds globally. This undetected fault caused over 8,5 million Microsoft Windows operating systems to crash and financial damage from this outage is estimated to be more than $10 billion. The disruption affected countless sectors including aviation, banking, hospitality, manufacturing, retail and manyothers. 

Corporate & Commercial Law

4 min read

6 Nov 2024

by Kate Anderson, Ismail Makda and Jocelyn Kganane

To guarantee or not to guarantee? Rights of recourse against a principal debtor

The case of Nedbank Limited v Xanita (Pty) Limited (885/2019) ZAWCHC 144 (12 June 2023) addressed and clarified the principles surrounding a guarantee and the right of recourse that a guarantor has against a principal debtor. The case also assessed the legal obligations of a guarantor in comparison to that of a surety.

Corporate & Commercial Law

3 min read

9 May 2025

by Brigitta Mangale, Elgene Roos and Denzil Mhlongo

Reflecting on Freedom Day: Are our children free?

South Africa celebrates Freedom Day on 27 April each year, honouring the date of our first democratic elections in 1994. However, more than 30 years later, there is no doubt that freedom is not equally enjoyed by all.

Pro Bono & Human Rights

16:04 Minutes

26 Mar 2025

by Lucinde Rhoodie, Liëtte van Schalkwyk and Lara Sneddon

Farmers beware: Legal liability and export risks in the wake of bud rot

On 22 January 2025, the Department of Agriculture, Land Reform and Rural Development (Department) issued an alert on the detection of “ bud rot ” of palms ( Phytophthora palmivora ) in certain parts of the country.

Agriculture, Aquaculture & Fishing

5 min read

2 Dec 2024

by Christine Mugenyu and Melisa Wekesa

A New Era for BPO services? The evolving landscape from the proposed Business Laws (Amendment) Bill 2024

Regulation of Business Process Outsourcing (BPO) became the focus owing to the recent determination in the case of Samasource EPZ Limited t/a Sama v Meta Platforms, Incorporated & 186 Others; Kenya Human Rights Commission & 8 Others (Interested Parties) KECA 1152 (KLR).

Employment Law

24:39 Minutes

This website uses cookies to enhance the browsing experience. For more information, please see our Cookie Policy.

Accept Decline