popiThe Protection of Personal Information (POPI) Act brings South Africa in line with existing data protection laws around the world, aiming to protect PII, enforce an individual’s right to privacy and provide guidelines for lawfully processing such information and notifying regulators and data holders in the event of a breach. Trustwave can help elevate your security posture and streamline your compliance process.

POPI: Fast Facts and Consequences

  • POPI applies to any company in South Africa that processes personal information.
  • Once an information protection regulator has been appointed to administer the law, companies will have 12 months to comply.
  • Offenders face harsh punishments: imprisonment of between one to 10 years and fines of R10 million.
  • Violations may also lead to enforcement notices requiring non-compliant companies to stop processing personal information.

It is critical for organisations that process personal information of employees, customers or other juristic persons (companies, trusts and so on) to implement organisation-wide privacy initiatives in order to comply with the conditions of the Act. Compliance will have an impact on the processes, technology and manner in which employees handle and process personal information. The Act provides for a one-year implementation timeframe, but from experience we know it can take a lot longer.

Issues you may be facing

  • The PoPI conditions impact technology, processes and the manner in which employees process personal information.
  • Personal information may only be used for the purpose agreed with your customers and employees.
  • Marketing by means of unsolicited e-mail is prohibited unless certain provisions apply – organisations need to implement opt-in and opt-out strategies.
  • Personal information may only be retained for as long as necessary – organisations need to specify retention periods.
  • Organisations should not process more personal information than is necessary.
  • Processing of special personal information is prohibited unless certain provisions apply.

How we can help you

Our team of specialists assists clients to implement privacy requirements through a range of services scaled to each organisation’s size, business and privacy maturity
We can assist with:

  • privacy programme management
  • personal information inventories
  • privacy data flow mapping
  • privacy gap assessments
  • compliance and impact assessments
  • maturity assessments
  • breach response procedures
  • third party due diligence reviews

Depending on your organisation’s needs, we can support you by:

  • setting up your privacy governance office
  • providing privacy training (class room or eLearning)
  • conducting privacy culture assessments to identify how employee behaviour should change
  • compiling privacy policies and contractual clauses, and
  • defining and implementing your privacy programme from start to finish, incl


POPI compliance should be a front-burner issue for your organization. As you embark on your compliance journey, we can offer custom assessments to get you ready and technologies and services to help get and keep you in line with the rules.

Managed Security Services

Augment your existing staff with managed security services that evolve processes, elevate data protection strategies and advance the way you manage threats. With deep expertise and unmatched threat intelligence, we will design a program that supports your security and POPI demands, while giving you complete visibility and control.

Managed Security Testing

Receive on-demand, precision-based penetration testing with just a few clicks of a mouse. With a subscription, you can log in to the portal and schedule testing of databases, networks and applications.

Enterprise-Grade Data Security

Identify security lapses and ensure your information repositories stay protected from internal gaffes and nefarious attackers, while maintaining compliance with POPI.

Incident Readiness and Response

Prepare for and react to security incidents and breaches with the help of our SpiderLabs team, who identifies root causes of incidents and communicates responses in a way your team and management can understand.