With the enforcement of the Protection of Personal Information Act of 2013 (POPIA) now firmly on the horizon, South African business owners and decision-makers have to re-examine the way in which data is managed and processed within organisations. It is important to note that POPIA will impact almost every business – regardless of size and sector.


Critically, POPIA applies to every business that manages, processes and shares any form of personal data in order to operate effectively and efficiently. Businesses that do not comply with POPIA (either deliberately OR accidentally) could face fines of up to R10 million – or 10 years in jail.

However, if it’s not the POPIA regulator that threatens to punish a non-compliant business/business leader, it may well be a client that has suffered a material loss due to their personal data being accessed as a result of an oversight in IT systems, document or data management.

With the above in mind, it is critical that business leaders and decision-makers are aware of the risks – and are doing “what is reasonable” to protect both the business and themselves.

By answering the quick pre-assessment questionnaire below, you can quickly see if your business is at risk – and therefore requires a more comprehensive assessment for R6 999. This assessment will determine your current level of compliance – and the associated risks that your business is facing. Indeed, “forewarned, is forearmed.”