10 Key Points to Prepare for POPI Act Compliance

  1. Get approval for your POPI Act compliance project. Start to build up evidence that your organisation is serious about compliance, with the appropriate level of executive support. 

  2. Formally appoint your Information Officer. Make sure you have a named individual who understands what needs to be done and will drive your compliance activities.

  3. Perform your risk assessments. Conduct a series of assessments which will uncover areas of your organisation where non-compliance is a risk.

  4. Address the risks identified. Put in place reasonable and appropriate, organisational and technical actions to address the risks identified.

  5. Issue privacy notices to your data subjects. Explain clearly and simply what you are going to do with personal information you process.

  6. Establish procedures to ensure ongoing compliance. Put in place appropriate steps to ensure your comply with the POPI Act as “business as usual”.

  7. Update or create and publish your PAIA manual. Remember the Promotion of Access to Information Act (PAIA) is there to ensure data subjects have access to their information.

  8. Be prepared to deal with the Information Regulator (South Africa). Register your Information Officer and keep up to date with POPI Act developments.
  9. Train stakeholders about their roles in POPI Act compliance. Identify training needs and make training available to all your staff.

  10. Communicate with internal and external stakeholders to let them know you are serious about compliance with the POPI Act.

This Ten Point Guide has been supplied by IACT-Africa, specialists in POPI Act compliance. For more information about how to prepare for compliance with the POPI Act please contact This email address is being protected from spambots. You need JavaScript enabled to view it.