Keep your email and file databases POPI compliant

South Africa’s Protection of Personal Information Act (POPIA)

Keep your email and file database POPI compliant
South Africa’s POPI Act

Data privacy is a worldwide concern for many businesses – especially as regulations such as GDPR, CCPA, and POPIA (the Protection of Personal Information Act) have come or are coming into effect. Want to keep your email and file databases POPI compliant? Read on…

So What is POPI Act or POPIA?

POPI refers to South Africa’s Protection of Personal Information Act which seeks to regulate the Processing of Personal Information. It is South Africa’s equivalent to the EU’s GDPR. The POPI Act is well on its way to being implemented in South Africa. In order to ensure your data practices don’t contradict the act you need to be prepared, once implemented companies will have only 12 months to comply.

Who does POPIA affect?

POPIA affects all organisations that store, collect or process personal information are required to comply.

Personal Information broadly means any information relating to an identifiable, living natural person or juristic person (companies, credit cards, etc.) and includes, but is not limited to:

  • contact details: email, telephone, address, etc.
  • name of the person if it appears with other information relating to the person,
  • demographic information: age, sex, race, birth date, pregnancy, marital status, ethnicity, disability, religion, sexual orientation, language, etc.
  • history: employment, financial, educational, criminal, medical history
  • biometric information: blood type etc.
  • the views or opinions of another individual about the person.
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

“The POPI Act will affect almost all businesses in South Africa”

Does POPI really apply to our company?

Accountability for personal data is the responsibility of each public or private body. Generally, the Responsible party must be a resident in South Africa or the processing should occur within South Africa (certain exclusions apply).

The risk includes reputational harm, fines and imprisonment, and paying out damages claims to data subjects. The greatest risk, after reputational harm, is a fine for neglecting to secure record details.

There are also some benefits associated with complying with the POPI act, it is safe to say that consumers will feel more confident doing business with companies that are transparent and showing compliance with the POPI legislation.

Where POPI does not apply. Exclusions include:

  • purely household or personal activity.
  • some state functions including criminal prosecutions, national security, etc.
  • journalism under a code of ethics.
  • judiciary functions.

Why should I comply with POPI?

POPI endorses transparency about what personal information is collected and how it is to be processed. This honesty is likely to increase customer confidence in an organisation, public or private.

POPI compliance includes capturing and retaining the minimum required personal data, ensuring the accuracy of that data, and removing the data that is no longer required (Similar to GDPR).  These actions will help improve the overall reliability of the databases companies hold.

POPI compliance also requires that the organisation can identify personal information and can take reasonable measures to protect the same data. This will likely reduce the risk of data breaches and the associated public relations and legal ramifications for the organisation.

Non-compliance with the Act could expose the Responsible party to a penalty of a fine and/or imprisonment of up to 12 months. In certain cases, for more serious offences, the penalty for non-compliance could be a fine and/or imprisonment of up 10 years. It is vital that organisations keep their email and file databases POPI compliant.

How can Waterford Technologies help?

Data compliance starts with visibility – Waterford Technologies gives clients, the visibility they need for effective monitoring, eDiscovery, auditing and reporting across a variety of data regulation standards. Our ComplyKEY suite empowers you to easily reduce email and file risk, detect and respond in real-time to threats and prove regulatory compliance with acts such as POPI, ensuring that you keep your email and file database POPI compliant.

ComplyKEY is a compliance and data management platform where you can find every single email and file in your organisation, conduct e-discovery, freedom of information and subject access requests directly from your desktop anywhere.

Key Benefits

Governance- Proactive approach to data transparency by classifying before archiving is a key requirement of POPI.

Compliance – Preventative monitoring of email internally & externally to identify & remediate risk.

Data Retention Management and Erasure- Increases efficiency, retention can be controlled by time and/or by person groups. As mentioned above POPI compliance includes capturing and retaining the minimum required personal data, ensuring the accuracy of that data by removing the data that is no longer required.

Investigate & Message Filtering– Advanced e-Discovery with keyword search, word lists, & regular expressions (REGEX) capabilities.

Be POPI compliant

Although you have a one-year grace period to update your systems, the time to prepare for POPI is now. Get in touch with Waterford Technologies to discuss how we can help your email and file database POPI compliant.


Laura Stotesbury

Head of Marketing

Waterford Technologies