Protection of personal information act (PoPI)

It is critical for organisations that process personal information of employees, customers or other juristic persons (companies, trusts and so on) to implement organisation-wide privacy initiatives in order to comply with the conditions of the Act. Compliance will have an impact on the processes, technology and manner in which employees handle and process personal information. The Act provides for a one-year implementation timeframe, but from experience we know it can take a lot longer.

Issues you may be facing

  • The PoPI conditions impact technology, processes and the manner in which employees process personal information.
  • Personal information may only be used for the purpose agreed with your customers and employees.
  • Marketing by means of unsolicited e-mail is prohibited unless certain provisions apply - organisations need to implement opt-in and opt-out strategies.
  • Personal information may only be retained for as long as necessary - organisations need to specify retention periods.
  • Organisations should not process more personal information than is necessary.
  • Processing of special personal information is prohibited unless certain provisions apply.

How we can help you

Our team of specialists assists clients to implement privacy requirements through a range of services scaled to each organisation's size, business and privacy maturity.

We can assist with:

  • privacy programme management
  • personal information inventories
  • privacy data flow mapping
  • privacy gap assessments
  • compliance and impact assessments
  • maturity assessments
  • breach response procedures
  • third party due diligence reviews


Depending on your organisation's needs, we can support you by:

  • setting up your privacy governance office
  • providing privacy training (class room or eLearning)
  • conducting privacy culture assessments to identify how employee behaviour should change
  • compiling privacy policies and contractual clauses, and
  • defining and implementing your privacy programme from start to finish, including the appropriate security solutions.

Contact us

Busi Mathe

Partner, PwC South Africa

Tel: +27 (0) 11 797 4875

Follow us