What is the POPI Act?

POPI Act refers to South Africa’s Protection of Personal Information Act. In a nutshell, POPI will aim to balance our right to the free flow of information and our right to privacy. In other words, POPI regulates whatever you do with whoever’s personal information.

Information includes, but is not limited to:

contact details: email, telephone, address etc.
demographic information: age, sex, race, birth date, ethnicity etc.
history: employment, financial, educational, criminal, medical history
biometric information: blood type etc.
opinions of and about the person
private correspondence etc.

What is POPI Act really?

POPI regulates the “processing” of personal information. This definition is broad. It covers, amongst other things, the collection, receipt, recording, organisation, collation, use, and dissemination of information. This does not mean that CCTV surveillance is unlawful or prohibited. However, it does mean that – once the operative provisions of POPI are in force – Vumacam must comply with the provisions of POPI.

Does Vumacam adhere to the POPI Act guidelines?

For now, the best we can do is to interpret POPI according to the general language-context-purpose framework for statutory interpretation in South African law. Our courts are also likely to look for comparative guidance in jurisdictions with more developed data protection jurisprudence. In particular, POPI’s language closely tracks EU data protection laws. In formulating our processes and procedures, Vumacam has adhered closely to the EU GDPR (General Data Provision Regulation) provisions.

Some of the obligations under POPI are to: