Protection of Personal Information Act (POPI Act, POPIA)

As an SOC 2 Type II certified organization, Dataddo is committed to complying with South Africa's Protection of Personal Information Act (POPI Act or POPIA).

What is POPIA?

The Protection of Personal Information Act (POPIA) was introduced in 2013 to protect personal information and the right to privacy in South Africa. The act applies to institutions operating in South Africa and requires them to conduct themselves in a responsible manner when collecting, processing, storing, and sharing personal information of others.

What are POPIA's principles?

To be POPIA compliant, an institution or organization has to meet the following principles:

• Accountability: Organizations must be accountable for processing personal information in compliance with POPIA.
• Processing limitation: Personal information usage must be lawful, with the minimal amount of information necessary to achieve the intended purpose.
• Purpose specification: Personal information must be collected, used, and retained for a specific purpose related to the organization's activity.
• Further processing limitation: Further processing of the information must be compatible with the original purpose for which it was collected.
• Information quality: Personal information must be kept up to date, complete, and accurate.
• Openness: Organizations must inform individuals about the collection of their personal information.
• Security safeguards: Measures must be taken to prevent loss of, or unauthorized access to, personal information.
• Data subject participation: Individuals have the right to access their personal information and request its correction or deletion.

By adhering to these principles, Dataddo ensures that it is compliant with POPIA and provides a secure environment for the processing of personal information.