How Does Compliance with the Protection of Personal Information Act (POPI Act) Affect Organisations in South Africa?

How Does Compliance with the Protection of Personal Information Act (POPI Act) Affect Organisations in South Africa?

Harare, Zimbabwe and Virtual

This research examined how Protection of Personal Information Act No 4 of 2013 (POPIA) compliance affects organizations in South Africa. Despite the promulgation of POPIA in 2021, data breaches, abuse of personal information, and increased cyber threats persist in South Africa. As a privacy regulation, POPIA has yet to successfully safeguard personal information because it exists in a complex regulatory environment. Lack of technical measures to combat the abuse of personal information, limited awareness of the implications of POPIA compliance on organisations, and organisations' resource constraints are some factors that exacerbate the complexity of the regulatory environment. Through interviews in seven organisations, including tourism, banking, retail, healthcare, fintech, and technology, the study found that POPIA compliance affects organisations at the people, process, and technological levels. The study outlines ten questions organisations must consider before implementing POPIA compliance programmes. The study contributes to the literature on privacy policy compliance.