Skip to main content

POPIA Compliance update: Resources and options

The ‘D’ day for POPIA compliance has come and gone. Some of us have it all sussed and sorted, some had good intentions but have been diverted by other dramas, and some are still wondering whether they need to engage with POPIA (for the last lot, yes you do!)

The good news is that the Information Regulator’s office seems to be as stuck as its website still is, with the Information Officer registration portal still not accessible due to technical difficulties. Our suspicion is that the technical difficulties were caused by a deluge of registration attempts on 1 July. The bad news is the same as the good news, really – with nothing so far coming out of the Information Regulator (other than the 13 July warning that photos of the ex-President taken by Correctional Service members have been published in breach of JZ’s rights to protection of his personal information) we do not have much to go on, in terms of further guidance for implementation.

The market is flooded with people selling POPIA compliance packages and services, and there is no shortage of choices out there. We have seen that there are four main components of compliance which need dealing with:

Public compliance

Websites and other public documents need to be aligned and tweaked to demonstrate that your organisation has thought through the POPIA and related requirements and is taking steps to comply with them;

Internal policies, systems and processes

This is about adjusting the ways you work and communicate to take POPIA compliance into account. HR consultants and labour lawyers are typically providing sound advice and useful documents to deal with this aspect


Here you need the expertise of people with IT skills, to assess your current systems, storage, protocols and to change or build them for improved security (note that the weakest point for security is often people, which leads us to the next topic…)


Implementing training and awareness programs inside the organisation is part of POPIA compliance. Once again, there are many who are offering this service. For online training, Michalsons has developed a non-profit ‘lens’ through which their size-tailored training package can be viewed. Depending on how fast you work through the material provided (they charge a monthly fee for however long it takes you) it can be a reasonably priced option, and they do offer discounts on their published price to non-profits on request. See their costings here.

Nicole Copley | NGO Law

Nicole has consulted to the NGO sector since 1993. She is an admitted attorney (non-practising), has her Masters in the tax exemption laws and is a Master Tax Practitioner. Nicole developed her drafting skills while working as a business lawyer, and she has a pragmatic problem-solving approach to all the work she does. Her depth and breadth of experience over many years and her work with government and a wide range of clients, give her useful perspective and insight. Nicole also lectures and trains on various topics of importance to the NGO sector. She is author of ‘NGO Matters: A practical legal guide to starting up’, and publisher of the series of NGO Matters handbooks.

Related articles

Notifying the Information Regulator
Ricardo Wyngaard | The NPO Lawyer
The Protection of Personal Information Act (POPIA) imposes important obligations on Organisations in the event of a data breach involving personal information of a data subject. Section 22 of POPI...
“Changing” the legal structure of your NPO
Ziyo | Accountants with heart, and Nicole Copley
It has surprised us how often staff, or governing body, members of non-profit organisations (“NPO’s”) have not been able to tell us which legal structure their organisation is established as – “we ...
Can we leave our unused trust dormant?
Nicole Copley | NGO Law
The functioning of the various Masters of the High Court being what they are (and the comparative speed and ease of use of CIPC being markedly better) we are quite often asked by clients who have d...