POPIA compliance checklist

The operative provisions of the Protection of Personal Information Act 4 of 2013 (POPIA) came into effect on 1 July 2020, with a grace period of a year in which companies must ensure that they are compliant. Companies must ensure that their business practices and the way they interact with customers, clients or consumers adhere to the requisite privacy laws, as well as confirming that the way they collect, store or process their employees’ information aligns with the protections set out in POPIA.

8 Apr 2021 1 min read TMT Sector Alert Article

At a glance

  • The Protection of Personal Information Act (POPIA) became operative on July 1, 2020, with a grace period for companies to achieve compliance by July 1, 2021.
  • Companies need to ensure that their business practices align with privacy laws and that the collection, storage, and processing of customer and employee information comply with the protections outlined in POPIA.
  • A generic compliance checklist is available to assist businesses in assessing their POPIA compliance levels and identifying areas of risk, but seeking legal advice is recommended to ensure full compliance.

The below table contains a useful generic checklist that businesses can use to ensure that they are POPIA compliant by 1 July 2021.

CDH’s POPIA compliance checklist seeks to assist businesses (noting that POPIA applies to both public and private bodies) with a general heat map to check its compliance levels and areas of risk relating to POPIA compliance and has merely been provided to assist in expediting the POPIA compliance process.

The checklist does not make provision for every eventuality and serves only as a useful guide to assist businesses to start focusing on the most common instances where businesses need to be POPIA compliant. The checklist should in no way to be construed as a substitute for seeking legal advice to ensure that your business is fully compliant with the requirements of POPIA.

Generic POPIA compliance checklist








The information and material published on this website is provided for general purposes only and does not constitute legal advice. We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter. We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages. Please refer to our full terms and conditions. Copyright © 2024 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com.