The Protection of Personal Information Act (POPIA) is one of the most important pieces of legislation promulgated over the past few years and stipulates that when personal information is collected, it must be properly used, stored, protected, managed and destroyed. The Act came into full force on 1st July 2021.

It is essential to make decision makers and key personnel in your organization aware that the POPI Act has changed as from 1st July 2021, and stress the severe consequences of non-compliance. All companies must put policies and procedures in place to monitor and enforce compliance in the long term. They must train their management and staff on the contents of the POPI Act to ensure compliance.

At present there is a misunderstanding in that only the deadline for application for Prior Authorisation has been extended to 1st February 2022, by the Information Regulator. The reason being that the registration number of the Information Officer must be available and shown on the application for Prior Authorisation if the company deals with Special Personal Information.

The first step in the compliance process is that an Information Officer, who is the POPI oversight representative of the company, must be appointed by the governing body by way of an official resolution and confirmed by a letter of Appointment and then registered with the Information Regulator.

The Information Officer must typically be the Chairman of the Board, Senior Director, Director or CEO if not, a senior employee, with the necessary authority to implement the requirements of the POPI Act. The Information Officer can delegate his/her tasks to a Deputy Information Officer but can never delegate his/her responsibilities and accountability.

Compliance of the POPI Act must be approached with the necessary urgency, care and dedication in order to ensure compliance. In cases of repeated non-compliance, a hefty fine and/or incarceration is possible. The compliance process is an on-going process and the responsible party or management can never wash their hands or delegate their accountability and responsibilities in complying with the POPI Act. It is important to note that management by way of the Information Officer must ensure full compliance.

The role of Altitude Employment Solutions is to ensure that the company has the necessary documentation and information to be compliant and implement the contents of the POPI Act. It is important to note that the process must be driven by the Information Officer appointed by the company. We supply the necessary documentation and guidance to ensure compliance

For further assistance or information to ensure your company is compliant with the rules and regulations set out in the POPI Act, please contact Altitude Employment Solutions at

 At Van Niekerk
Altitude Employment Solutions – Business Partner