What are the penalties if your business is not POPIA compliant?

With the POPIA deadline looming, it is essential for all businesses to take action and ensure that they meet the criteria for POPIA compliance. Compliance matters not only for internal data protection but also because of the penalties involved if your business is found not to be compliant after 1 July 2021.

The POPI Act sets forth eight conditions for the lawful processing of personal information. These conditions address how organizations demonstrate accountability for ensuring they respect the privacy of individuals in South Africa. The Act regulates how this information is collected, stored, processed, and shared. Although the Act was signed into law in 2013 and certain sections of the Act went into effect in 2014, these effective sections pertained to the establishment and appointment of the Information Regulator. Once the sections of the Act that place obligations on organizations to ensure the lawful processing of personal information begin, organizations will have one (1) year following that date to comply with the Act’s provisions.

There are essentially two legal penalties or consequences for the responsible party:
  1. A fine of between R1 million and R10 million, or imprisonment of one to ten years.
  2. Paying compensation to data subjects for the damage they have suffered.
It is very unlikely that anyone will go to jail and the fines are small compared to other jurisdictions. The other penalties include:
  • Reputation damage
  • Losing customers (and employees)
  • Failing to attract new customers
But your main motivation for complying with the Protection of Personal Information Act (POPIA) should be to protect people from harm. Infraplex has POPIA packages available to help your business become compliant before the POPIA deadline. Within these packages, Infraplex has devised a four-step solution:

The first step to becoming compliant is setting up a consultation with a compliance agent. This one-on-one consultation will allow us to get to know you and your business.


The assessment process allows us to see what your business currently is and is not compliant with. This involves analysing your internal data storage and processes to determine your current level of legal compliance.


In order to gain and maintain your business compliance, we will be required to appoint a compliance officer within your business to monitor your compliance and ensure that processes are performed in accordance with the law.


Once your current compliance needs have been established, we will then offer your business the correct products and security solutions to maintain compliance.

Click here to set up a consultation with our compliance officer. Visit compliance.infraplex.net for more information on getting your business compliant.