POPI – What the latest enactment means: refresher crash course

The POPI Act gives effect to Section 14 of the Constitution which provides that everyone has the right to privacy. As a result, POPI seeks to balance this constitutionally entrenched right against personal information processed by public and private entities. The Act has been implemented in stages since April 2014 (checkout our cool GIF on the POPI timeline).

The slow implementation of the Act is a result of state readiness for the Information Regulator who was appointed in December 2016, to assume its powers, functions and responsibilities under the Act. The establishment of the Information Regulator required the transfer of functions of the Promotion of Access to Information Act, 2000 (PAIA) from the South African Human Rights Commission (SAHRC) to the Information Regulator.

President Ramaphosa proclaimed that as at 1 July 2020, the following provisions come into effect: Sections 2 to 38; Sections 55 to 109; Section 111; and Section 114(1), (2) and (3). As indicated by the Presidency, these latest provisions apply to the conditions for lawful processing of personal information, the regulation of processing of special personal information, codes of conduct, procedures for complaints, provisions regulating direct marketing by means of unsolicited electronic communication, and general enforcement of the Act.

The remaining provisions under Section 110 and 114(4) will commence on 30 June 2021.


The risk of non-compliance with the Act include reputation damage, payment of fines up to R10 million, imprisonment between 1 to 10 years and/or payment of damages to the affected data subject. The Act largely impacts on organisations that process large amounts of personal information, children’s information and account numbers. These organisations find themselves in the financial services, healthcare and marketing industry.

12 month grace period

As of 1 July 2020, your organisation is given a 12 month grace period within which to get your organisation POPI compliant (Section 114(1)). Whilst POPI will be regulated by the the Information Regulator, your organisation will be responsible for appointing an Information Officer to ensure compliance.

POPI and Estate Agents

POPI is a game changer for direct marketing. Estate Agents largely rely on cold calling as a primary means of securing listings and marketing. Under the circumstance, the prevailing question is whether estate agents will be allowed to cold canvass telephonically using data from companies such as Lightstone, and whether these companies have the necessary permissions to pass on data to third parties. The answer is no, unless the data subject has given express permission for his information to be used for such i.e. marketing purposes.

The shift under POPI is so dramatic, that Section 66 of the Act provides that a public or private body that holds personal information on an individual may not use the information to send direct electronic marketing to that individual, unless the individual has given consent or unless the individual is an existing customer. Individuals who are recipients to these texts, must now also have an opportunity to opt-out of receiving any future communication.

Estate agents will now have to innovate on new ways to market to ensure that they obtain the first given the permission required before contacting the customer. You might want to take a look at how estate agents in the UK go about marketing since their laws on the protection of personal information are quite similar to POPI.

Ensuring that you take the necessary steps to become POPI compliant:

  1. Safeguards: Ensure that your IT systems comply with POPI for the collection and storage of data. These systems must be secured against hackers and unauthorized individuals should not be able to access the information without written approval.
  2. Remote working: Working remotely is almost a staple since the outbreak of COVID-19. Ensure that your agents and employees with laptops and cellphones sign an undertaking to protect the information stored on their electronic devices.
  3. Employee code of conduct: Have your employees and agents sign an undertaking coupled with your code of conduct on their responsibility to ensure that personal information is protected, and not to disclose the client’s information to other’s without consent.
  4. Ask your clients to sign a POPI form: When consulting with existing client or when a mandate is taken, ask your client as a courtesy to sign a POPI form, giving them an opportunity to opt in- or consent to your marketing services for future listings.

For assistance in ensuring that your agency or business is POPI compliant, email

#POPI #PAIA #EstateAgent #miattorneys #moegsienaishmailattorneys #lawyersofexcellence

Tags :


Share :

Leave a Reply

Your email address will not be published. Required fields are marked *

Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Practice Areas