Common misconceptions regarding POPIA


· POPIA is an “IT thing”, the responsibility of the IT department, or an “IT problem”
While technology is paramount to compliance, it is not the only solution. Compliance requires that business and IT work closely together to manage data effectively, which at the same time provides a number of business benefits. With almost every business process underpinned by technology, IT does play a critical role in effecting compliance.
· The Information Officer function can be outsourced
The Information Officer and his/her responsibilities cannot be outsourced. The Information Officer must be either the organization’s CEO, MD or mandated Executive. The Information Officer can, however, make use of deputy officers and delegate certain tasks to members of the organization.
Ultimately, liability lies with the Information Officer.
· As long as you gain consent, you are POPIA compliant
POPIA promotes an “opt-in” rather than an “opt-out” culture. It is not a consent-driven law; consent is just one of the conditions under which personal information may be lawfully processed under POPIA. The Act defines consent to be any “voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information”. So, when relying on consent, that consent will have to comply with these three conditions.
· POPIA only applies to information gained as of 1 July 2021
POPIA compliance refers to the processing of personal data, irrespective of its age and/or when it was collected.
· Liability rests with the operator
Under POPIA, the outsourcing or sub-contracting of processing activities to operators does not absolve the responsible party from sole liability. If the operator contravenes POPIA, the responsible party will still be held liable by the Information Regulator.
It is therefore imperative for responsible parties to ensure that their agreements with contractors have the necessary provisions and address liability for losses suffered as a result of negligence or breach of POPIA.

B-Logic has developed a governance framework to assist mid-size enterprises to gauge the maturity of their IT organization and, accordingly, develop an IT strategy to ensure stakeholder value. With a core focus on POPIA compliance, it enables organizations to ensure that they have the necessary framework of processes, policies, technologies, and controls to govern the complexities of the legislation and overall good IT governance.

For more information, reach out to us at or contact your Service Manager.