POPI Compliance

24 June 2021

In just 1 week, the Protection of Personal Information Act 4 of 2013 (POPI) kicks in, which means all healthcare practices dealing with data subjects (patients, colleagues, suppliers, and employees) need to be compliant or face very heavy fines. We, as healthcare practitioners, have a strict obligation to maintain confidentiality by virtue of our profession.

Even before POPI, the Health Professions Council of South Africa (HPCSA) set out basic guidelines on protecting personal information, which have informed awareness of protecting information in healthcare practices, and thus POPI is not a foreign concept to us. These guidelines are contained in Booklet 5: CONFIDENTIALITY: PROTECTING AND PROVIDING INFORMATION.

POPI, however, takes the protection of personal information to another level, and abiding by the HPCSA guidelines on protecting personal information is not enough to avoid penalties.

POPI regulates the usage and collection of personal data. Practices are required to handle all data carefully and provide data subjects with tools to update or delete personal information. They also need to alert data subjects immediately if there is any form of breach.

While we had ample time to prepare, many of us are now scrambling to become compliant. Arguably the impact of POPI on practices is enormous and becoming compliant takes a significant investment of administrative time.


Advocate FJP Marais, an experienced legal expert supporting healthcare practices becoming legally compliant with POPI, has provided 6 critical steps / minimum requirements to be compliant by 1 July 2021:


  1. Register as an Information Officer

  2. Do A Risk Assessment

  3. Complete Communications about POPI To Staff

  4. Staff Awareness Sessions – Data Subject Requests

  5. Staff Awareness Sessions – Notification of a Security Incident

  6. Staff Awareness Sessions – Correction or Deletion of Personal Information

  7. POPIA Section 18 Privacy Notification





Developed by Advocate FJP Marais for Healthcare Practices

Advocate Marais is an experienced legal expert with a proven track record of advising, educating, and supporting healthcare practices becoming legally compliant. He is involved in the healthcare industry as a legal advisor and currently focuses on POPI compliance services, assisting information officers of healthcare practices and facilitating staff awareness training on POPI. 


Why do You Need a POPIA Compliance Framework?


It is a legal requirement. Regulation 4(1) of the Regulations in terms of the POPI Act stipulates that an Information Officer (Practice Owner) must ensure that a compliance framework is developed, implemented, monitored and maintained.


Option 1: Your complete toolkit for compliance with the POPI Act (R 1,650.00 VAT inclusive)


Can you Implement the POPIA Compliance Framework Documentation Toolkit yourself?


  • You really can implement POPIA by yourself.

  • All you need is GO PIXEL / Assent Compliance’s POPIA COMPLIANCE FRAMEWORK DOCUMENTATION TOOLKIT, along with included guidance and support. Our toolkit was developed for ease of use and to be understandable, with no expert knowledge required.

  • You can reach out to us at any time during your implementation project.


Option 2: Development of your POPIA Compliance Framework plus help with the Implementation

(R 3,650.00 VAT inclusive)


When implementing the POPIA Compliance Framework feels overwhelming


  • We do your POPIA Compliance Framework Development & Implementation

  • We send you a questionnaire and risk assessment for completion.

  • After receiving it back, we develop and implement your POPIA Compliance Framework

  • We send it back with a short to-do list to be POPIA compliant.

  • Includes 2 x 1-hour POPIA Awareness sessions online.