Privacy. Protection. POPI. 1

Privacy. Protection. POPI.

If you, your website, company, or organisation is located in South Africa then you’re at substantial risk if not fully compliant with POPIA by 1 July 2021.

POPI in Plain Language.

POPI is shorthand for the Protection of Personal Information Act No 4 of 2013 and is one of the most comprehensive and complicated pieces of legislation we’ll all need to contend with… Or face harsh legal consequences.

It’s aim is to protect and regulate personal information of anyone living or operating a business in South Africa. As soon as you, in any way, “process” and personal information relating to a “data subject”, you are a responsible party soon to be bound by compliance legislation.

This means, as a website owner, POPIA affects how you use cookies, track visitors online, and store data.

If you’re reading this, you most likely own a website…

One of the biggest mistakes you can make as a website owner is to ignore the urgency when it comes to compliance. If your business is online, ask yourself the following:

  • Do I collect user data? (This can come in the form of cookies, comments, email newsletters, or contact forms).
  • Do you use Google Analytics?
  • How do I become and stay compliant?
Privacy. Protection. POPI. 2

I’m a website owner, what now?

As the deadline for compliance is just a few weeks away, you need to take the necessary and urgent steps to protect the personal information you collect, use, and distribute… If you haven’t already. Here are our tips to keep your website clean and compliant:

1. A professionally drafted comprehensive privacy policy.

Ensure you have a tailored and professional policy defining how you collect, process and store personal user data as well as document what you intend to do with the obtained data. If you don’t have one, we can help with this.

2. Obtain consent.

Direct marketing using any form of electronic communication such as SMS, email, automated calls will now require the person on the receiving end to consent through giving permissions as a potential or existing customer. Most platforms eg. Mailchimp have built in policies, but if you’re not sure, get in touch and we can assist.

3. Unsubscribe Option.

All above mentioned communication must contain an option to opt out. To further ensure compliance, individuals and companies need to be vigilant when a consumer requests the option to unsubscribe from further communications. If your website doesn’t have an opt in/out for analytics and cookies, get in touch and we can set this up for you.

4. Stick to permitted times.

POPIA specifies certain days and times for direct marketing and marketers. It’s of utmost importance that marketers are aware and abide by these constraints.

5. Cooling off period.

Under the Consumer Protection Act, a customer has the right to cancel a transaction resulting from any direct marketing without reason or penalty within a 5 day window period.


By publishing a privacy policy on your website, it not only contributes to you becoming compliant, it communicates to your users that you take their personal data and privacy seriously.

Privacy is a big issue. And when correctly implemented, privacy policies benefit website owners and their users; it’s a win for businesses when it comes to understanding consumer behaviour for improving marketing tactics and a win for consumers who, will now, have power and agency over their personal data and privacy.

© 2020 SUPERSEED. All rights reserved.