law legal technology concept. judge gavel and comp
  • The POPI Act aims to protect South Africans' right to privacy by regulating how personal information is processed by marketing companies and others.
  • Failure to comply with the Act will result in a hefty fine of up to R10 million, or jail time. 
  • Here's what you can do if your personal information ends up in the wrong hands. 
  • For more stories go to

The deadline for organisations to comply with the Protection of Personal information Act (POPIA) has finally arrived, and those who do not cooperate are at risk of paying hefty fines, going to jail, or suffering reputational damage.

The POPI Act commenced in July 2020, but the deadline for organisations to comply was 1 July, 2021.  This is largely why you may have recently received an influx of SMSs or emails about data privacy and requests from companies to either continue to keep in touch with you, or urge you to unsubscribe from their services.

The purpose of the Act is to protect South Africans' right to privacy by safeguarding personal information and regulating the way such information is processed by responsible parties (companies, government, state agencies, etc).

Since the act has come into full swing, it might be easier to avoid receiving those unsolicited calls, SMSs and e-mails from marketing companies – but naturally, other parties are stubborn and will continue to advertise their products to you.   

According to the POPI Act, sending unsolicited electronic communication to potential customers for direct marketing is prohibited, unless you have given consent and have not previously withheld consent, and if you are an existing customer.

It also stipulates that marketing communication must contain the identity of the sender or the person on whose behalf the communication has been sent and an address or other contact details to which the recipient may send a request that such communications cease.

If you find yourself in harm's way in that your personal information and privacy have been compromised, you can report this to the information regulator, whose main purpose is to monitor and enforce compliance by public and private bodies with the provisions of the POPI Act.

Penalties for noncompliance include a hefty fine of between R1 million and R10 million, or imprisonment of between a year to ten years in jail.

Responsible parties may also have to compensate victims for any damages suffered.  

Other consequences may include; reputational damage, a business losing its customers and employees, and suffering the inability to win over new customers.

Get the best of our site emailed to you every weekday.

Go to the Business Insider front page for more stories.