Risky Business – POPI, Data, Risks and Compliance

As South Africa progresses on its long journey toward improved compliance with the Protection of Personal Information Act (POPI), issues surrounding data and cyber security are fast becoming a focus area for businesses

The act aims to promote the protection of personal data and help set South Africa on the same level as global data practices, thereby growing its digital economy and promoting citizens constitutional right to privacy.  

Enforcement goes into effect on 01 July 2021 and failure to adhere to these regulations can lead to hefty fines of up to R10 million, criminal liability and civil cases. 

Changing Digital Landscape

Compliance, cybersecurity, training and monitoring have been a growing burden for a large number of organisations and many of them are battling to keep up with a constantly changing digital and legislative landscape. 

‘In some of our initial interactions with organisations, we often see examples of where sensitive information that can be used for identity theft is not being handled correctly. This exposes businesses and individuals to a huge amount of risk, says MASA Outsourcing, Director, Wayne Stainforth.  

International Standards

Besides an inbox full of annoying marketing emails that you did not sign up to, there are many unfortunate horror stories about how personal and financial data has been mishandled and for obvious reasons, many countries are taking stricter measures as to how data is protected.   

One of the best examples of these changes was the implementation of the General Data Protection Regulation (GDPR) in the EU and EEA, which is one of the world’s strongest set of data rules. It was designed to give citizens more control over their data and places limits on what organisations can do with it. 

There is much overlap in terms of processing conditions with GDPR and POPI but where GDPR is confined to information about living natural persons, POPI applies to the personal information of both living natural persons and existing juristic persons.


Businesses understandably want to avoid compliance issues but might not have the technical expertise or resources to carry out the necessary requirements, especially in these already challenging times.  

Many companies have been urged to, and have started using this grace period to begin planning ahead, from appointing information officers and updating contracts to better understanding the compliance framework along drafting new policies.

Unfortunately, some businesses have not started this process even with the looming commencement date, largely due to other priorities caused by the Coronavirus.  

Personal Information

The traditional HR function in any organisation holds a staggering amount of personal information starting from when an employee is recruitedwhether on a temporary or permanent basis until even after they leave.

This information includes grievances, details of disciplinaries, health information, biometrics, ID numbers, payroll and salary information etc. 

Companies are required to implement strict security measures in order to ensure the integrity and confidentiality of this information. 

This also includes taking the extra technical and cyber security steps in preventing the loss, damage and unlawful access of this data. 

Only the bare minimum of information should be collected for legitimate purposes and with proper consent. 

This data should also not be used for any other purpose and kept for a period longer than that which is required to fulfil its purpose. 

Outsourced Solutions

Given the extra burden and complexity of the task, it is no surprise that many of our clients are using POPI and other data privacy legislations as a reason for seeking an outsourced solution when it comes to their HRstaffing, industrial relations, payroll and employment functions. 

Outsourcing these HR tasks allows you to focus on what matters – growing your business. 

The legislation can be viewed as an opportunity for a good spring clean

It can provide an often well needed chance to re-assess data policiesstreamline your businesssimplify time consuming processes and focus on marketing and customer communication strategies. 

As Japanese organizing Guru, author, and TV show host, Marie Kondo says “Your real life begins after putting your house in order.’

The Outsourcing Service Provider is already geared towards a maximum level of data protection, since being experts at managing staffing functions and processing large amounts of personal information securely offsite is one of the key functions of the business. 

Wayne Stainforth, Director of MASA Outsourcing says, ‘Considering our scale and market experience, we can provide clients with an unparalleled level of service. MASA Outsourcing provides comprehensive outsourced services to over 200 blue chip multinational entities while managing in excess of 12 000 payroll transactions, administered monthly by our in-house specialists.’

Your Outsourcing Partner

Masa Outsourcing is a South African labour powerhouse placing thousands of staff countrywide through its various divisions and entities. We have offices in Johannesburg, Cape Town, Bloemfontein, Port Elizabeth and Durban.

Four decades of experience in Vetting and Hiring, Recruitment, Site Operations, Industrial Relations Solutions, Payroll Services, Staff Management, Human Resource and Labour Management; we are the only Staffing Specialist positioned to manage your labour hire needs comprehensively.

Get in touch