With just over one week to go until the countrywide implementation of the POPI Act, is your website ready?
WHAT IS THE POPI ACT?
The Protection of Personal Information Act, or POPI Act, comes into effect at the end of June for all businesses collecting personally identifiable information. All businesses collecting and processing information of this kind will need to have Privacy Policies in place that are available for review. These policies should describe what information is processed and how it is stored, processed, protected and deleted. This includes information collected and processed via a business’s website.
Part of the Act came into effect on 1 July 2020, with other sections commencing on 30 June 2021.
As part of our pursuit to better understand the Act and assist our clients with compliance, we have researched and put together some steps to consider when designing and implementing your business’s Privacy Policy:
1. Review and Notify Users of your Outward Facing Privacy Policy
If you are collecting and processing data on your website through contact forms, cookies, analytics tracking tools, etc., your Privacy Policy page should be publicly available so that users know how their information is being collected and processed. For your website, it is recommended that you review your existing Privacy Policy and create a pop-up notification, visible to users when they land on the page, that directs them to your Policy.
2. Internal Systems for the Handling of Data
As part of your business’s compliance, your preparation should include the following:
- appoint an Information Officer and register them with the Information Regulator
- complete a Privacy Impact Assessment
- prepare and provide staff and contractors with agreements on these policies
- provide staff training
3. Implementation
It is time to roll out your organisation’s Privacy Policy. Publish your Privacy Policy and notifications about your policies on your website and begin self-regulation procedures.
4. Is there an award or certificate for POPI Compliance?
No, there is no certificate awarded by the Information Regulator for compliance. Self-regulation is necessary to maintain compliance, so you will need to keep monitoring and reviewing your policies and procedures in line with the official guidelines.
How to get your website compliant with POPI?
Your web developer should have information and solutions available to assist you with the set-up of your Privacy Policy on your website.
This post is not legal advice and has been shared purely for the purpose of providing insight and information.