Lesson Introduction
The Protection of Personal Information Act (POPIA) governs how personal information is collected, stored, shared, and protected in South Africa. Since coming into full enforcement, POPIA has shifted privacy from a background legal concept into a practical operational responsibility for organisations across all sectors.
When controls fail, personal information is exposed through breaches, unlawful marketing, weak access controls, and poor vendor oversight. When controls work, they protect dignity, preserve trust, and reduce regulatory, reputational, and legal risk. As enforcement actions have shown, organisations remain accountable for personal information even when third party service providers are involved.
In this module, we examine how POPIA operates in practice. Using real South African examples, we explore what counts as personal information, how consent and security obligations apply, what rights data subjects hold, and how organisations are expected to respond to breaches and complaints. We also consider how POPIA interacts with modern technologies, including AI, and how the Act applies specifically within the financial sector.
This module is designed for professionals who need a clear, practical understanding of POPIA and how it affects everyday organisational operations.
Learning Outcomes
By the end of this module, you will be able to:
- Explain the purpose and scope of POPIA Understand why POPIA exists, when it applies, and which organisations and activities fall within its reach.
- Identify personal information under POPIA Recognise the full range of protected information, including sensitive categories and juristic person data.
- Apply data subject rights Understand rights to notification, access, correction, objection, and complaint, and how organisations must respond.
- Understand accountability and security obligations Identify organisational duties relating to access control, breach notification, and third party operators.
- Analyse real world POPIA incidents Apply lessons from South African enforcement actions and publicised data breaches.
- Recognise best practice compliance approaches Understand how transparency, data minimisation, and security by design support POPIA compliance.
- Assess POPIA’s relevance to the financial sector Identify how banks, insurers, credit providers, and fintechs are affected by privacy regulation.