POPIA Toolkit
At Moonstone Compliance, we believe in the value of data privacy and its relationship to trust, brand, growth, risk, and compliance. The POPIA Toolkit is aimed at addressing essential compliance risks within the POPI Act and includes useful and customisable templates which will assist your business along its POPIA journey.
The POPIA Toolkit provides:
- Guidance and access to relevant legislation
- Customisable templates
- Checklists
Toolkit Specifications
- Size: 11MB
- Version: 3.0
- Updated: 2026/06/04
Cost: R 7 250.00 (excluding VAT)
Free of charge for certain contracted Moonstone Compliance clients.
Please reach out to your Moonstone Compliance Officer for more information.
The content of the POPIA Toolkit includes the following customisable templates:
Privacy Notice for Financial Services Providers
Section 18 of the POPI Act stipulates that, where personal information is collected, the responsible party must take reasonably practicable steps to ensure that the data subject is aware of all of the elements listed in section 18(1)(a) to (h).
The aforementioned “practicable steps” usually take the form of a privacy notice, which can be published by your business on its website, or the notice can be sent to the data subject whenever the business will be processing that data subject’s personal information.
The Privacy Notice is drafted from a financial services provider’s perspective and will be a valuable template to guide you through POPIA compliance.
Activity Checklist
The POPI Act contains numerous obligations to which your business must adhere, and navigating these obligations by referring only to the wording and structure of the Act itself can be daunting. In light of this daunting prospect, we have simplified the POPI Act for you by developing a POPIA Activity Checklist which contains 40 structured activities that are fundamental to establishing a POPIA compliance framework within your business.
The Activity Checklist also provides valuable guidance on the application of each activity and gives further context to the activity within the POPIA compliance framework.
This checklist is therefore not a “tick box” template but rather provides valuable insight into how your business can go about managing its POPIA compliance project on a “Do It Yourself” basis.
Protection of Personal Information (POPI) Policy
This is a recommended template for a POPI Policy, which can be customised according to the requirements of your business.
The POPI Policy includes the legislative requirements in the POPI Act, the Regulations to the POPI Act, as well as the recently issued Guidance Note on Information Officers and Deputy Information Officers.
This template also includes additional customisable annexures such as a Personal Information Request Form; POPI Complaint Form; generic POPIA Privacy Notice; Employee Consent and Confidentiality Clause; SLA Confidentiality Clause; and a (Deputy) Information Officer Appointment Letter.
Regulatory Risk Register
You might not be surprised to learn that, in our opinion, the POPI Act contains about 105 risks that must be evaluated and monitored by your business. The easiest way to decide how you will be prioritising these risks is by rating the risks applicable to your business and addressing the highest-rated risks first. This Risk Register, therefore, provides you with a risk-rating tool. To get a bird’s eye view of these risks, we have mapped out the 105 POPIA risks on a customisable regulatory Risk Register. This means that you can add risks, or delete risks that do not apply to your business.
The register also provides for likelihood and impact ratings, a final risk rating (with different colours to generate a risk “heatmap”), a description of control measures, and suggested compliance risk areas.
Legislation
We have compiled a convenient folder of the relevant POPIA legislation that has been published to date. The aforementioned folder includes the POPI Act, the Regulations to the Act, Guidance Notes, Codes of Conduct, and Government Gazettes.
Terms & Conditions
Please review the key terms governing downloadable product access, use, refunds, intellectual property and liability before completing your online purchase.
