The Protection of Personal Information Act (POPIA) is being received with a mixture of awe, admiration, and wariness. Awe because the law itself solves the problem of unsolicited marketing and spamming. Admiration because the state is taking such a bold move to ensure organisations take active steps in protecting the personal information of people. People are also wary of the cost implications of becoming compliant with the regulations set out in the act.
While you are frantically waiting for the phone to ring for that new job, the guy who took your number to call, or life or death news about your loved one, the person you find yourself talking to instead is Anele from a telesales company telling you that you should spend your money on some product. No, Anele, I don’t want a new phone, I can’t afford that insurance package, and in fact the call itself offends me because it makes me aware of my financial distress.
Just for interest’s sake, you ask Anele where she got your number. She proceeds to inform you of a database they use that continuously feeds them the next person to call. Of course, now you realise that there is no end in sight to you making new friends over the phone, because we are polite to those who take time to call us, right? NO!
POPI addresses this pandemic of unsolicited communication. Now, any private or public body that wants to process your personal information needs your consent to collect it. They also need to inform you of the purpose for which this information is being collected. If the company intends to keep the information and use it again for something else, they need to tell you what that something is and get your written consent. Similarly, if that company intends to give your information to another party for whatever reason, they again need to have your consent in writing and give you that reason.
For the rural business, this fuss presents a whole new challenge. Urban-based businesses, which have long since migrated to the digital world of soft copies, are handling POPIA with ease. Not so for businesses whose operation is completely paper-based. The personal information of their customers is kept in A4 exercise books. These books are sometimes archived in boxes that can be accessed by any amateur dumpster diver.
Getting consent from data subjects in written form will be a tedious affair. This challenge is an incentive for businesses to move their operations online. Ensuring confidentiality, integrity, and availability of the data in their possession also satisfies condition 7 of the act. Moving online also simplifies business operations, improves transparency, and makes incidents easier to detect.
The risk assessment in many of these rural businesses reveals weak to non-existent security controls, which leave even the seemingly best-run businesses wanting. These businesses need to fast-track their digitization efforts. The data in their possession needs to be correlated and sorted before being captured onto digital storage, and the physical documents archived in a secure way.
Openness is one of the conditions of the act. As such, when a data subject requests to view their personal information in your possession to ensure that it is correct, the responsible party must, within a reasonable time, produce that personal information to the data subject. It goes without saying that this exercise would be especially cumbersome for physical documentation.
Though businesses are wary of the cost of becoming compliant with POPIA, it is a necessary exercise that really is a benefit to your business in the long run. Technodelic Information Security Consulting offers affordable packages for all your POPIA compliance needs.
Find out how we can work out easy payment terms while you enjoy peace of mind by sending a WhatsApp message with the ‘Name of business + Sector business is in’ to 081 3111804.