POPIA
Protection of Personal Information Act
South Africa
In force since 2021
Asia & Africa
Who must comply
Any party (responsible party) processing personal information in South Africa.
Penalties
Fines up to R10 million and, in serious cases, imprisonment.
Key obligations
- Process only with a lawful basis
- Obtain consent where required
- Limit processing to the purpose
- Honor data subject participation rights
- Notify the regulator of breaches
How ConsentX helps
Lawful-basis consent capture
Purpose-limited categories
Data subject request intake
Evidence and reporting
Get POPIA ready with ConsentX
This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.
How to comply with POPIA using ConsentX
- 1
Scan your website
Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under POPIA.
- 2
Show a geo-aware consent banner
Add the ConsentX banner. It detects each visitor region and shows the consent experience that POPIA requires, automatically.
- 3
Block trackers until consent
Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.
- 4
Record tamper-evident proof
Every choice is stored as a tamper-evident consent receipt you can produce in a POPIA audit.
- 5
Handle data requests on time
Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.
Frequently asked questions
Who enforces POPIA?+
The Information Regulator of South Africa enforces POPIA, with fines up to R10 million for serious violations.