
Everything you need to know about POPIA
Now that data is one of the most valuable commodities in the world, it is important for individuals to be mindful of the personal data they share and with whom they share it. In the past, there have been instances where personal data has been used in harmful ways, which highlighted the need for legislation to be put in place to protect consumers.
South Africa has officially taken a necessary step in implementing data privacy legislation, and the Protection of Personal Information Act (POPIA) has come into full effect as of 1 July 2021.
What is POPIA?
The Protection of Personal Information Act is built on the guiding principles of accountability, transparency, security, data minimisation and the rights of data subjects. The intention behind this legislation is to provide South African citizens with enforceable rights regarding their personal information and increased control over how their personal data is collected and used. Organisations that handle personal data are required to be transparent with details about what they do with our data, how long they keep it and how they protect it.
POPIA applies to organisations that are based in and/or process data in South Africa. The act has 8 principles that South African data processors must follow:
- Accountability: The responsible party must ensure that the conditions and all the measures set out in the Act that give effect to such conditions are complied with at the time of determining the purpose and means of the processing.
- Processing limitation: Personal information may only be processed in a fair and lawful manner and only with the consent of the data subject.
- Purpose specification: Personal information may only be processed for specific, explicitly defined, and legitimate reasons.
- Further purpose specification: Personal information may not be processed for a secondary purpose unless that processing is compatible with the original purpose.
- Information quality: The responsible party must take reasonable steps to ensure that the personal information collected is complete, accurate, not misleading and updated where necessary.
- Openness: The data subject whose information you are collecting must be aware that you are collecting such personal information and for what purpose the information will be used.
- Safety safeguards: Personal information must be kept secure against the risk of loss, unlawful access, interference, modification, unauthorised destruction, and disclosure.
- Data subject participation: Data subjects may request whether their personal information is held, as well as the correction and/or deletion of any personal information held about them.
The purpose of these principles is to encourage responsibility, security and consent. The Act also provides special protections for distinct categories of data as well as the data of children.
Key role players included in the act:
- Data subject: Any party to whom the personal information relates
- Information regulator: An independent body that will serve as the enforcer and supervisor of the law
- Responsible party: A public or private body that determines the purpose and means of processing the personal information of a data subject
- Operator: A party that processes personal information on behalf of the responsible party
- Personal information: Any information relating to an identifiable natural or juristic person (such as a company), which includes, but is not limited to, information pertaining to race, education, marital status, criminal history, sex, employment history, medical history and political affiliations
Does POPIA apply to everyone?
The law primarily applies to those who process data for commercial purposes; however, the following are not covered by POPIA:
- Data processed for personal reasons
- Data that is de-identified and cannot be reinstated
- Data processed by (or for) a public body relating to national security, law enforcement or the justice system
- Data processed by a province's cabinet and committees or executive council
- Personal information that involves national security, including activities that are aimed at assisting in the identification of the financing of terrorist and related activities, defence or public safety
- Personal information that can be used to prevent, detect or assist in the identification of the proceeds of unlawful activities and the combating of money laundering activities, investigation or proof of offences, the prosecution of offenders or the execution of sentences or security measures to the extent that adequate safeguards have been established in legislation for the protection of such personal information
How do I comply if I am the responsible party processing personal data?
If you fall under the category of those who process data in South Africa, then you would need to follow these steps to comply with the Act:
- Obtain consent before collecting data (or processing, storing or sharing it)
- Be sure to only collect data needed for legitimate purposes
- Use the information in a way that matches the purpose of collection
- Take reasonable security steps to protect the integrity of the information
- Store the information only as long as required
- Uphold data subjects' rights by providing access and corrections to information
- Create policies, such as a privacy policy, that document your processing activities and allow you to notify the regulator about them
What happens when you don’t comply?
Failing to comply with POPIA can result in fines of up to R10 million and up to 10 years in prison. Businesses and organisations that fail to comply with POPIA are also at risk of facing class action lawsuits as the legislation offers data subjects the ability to institute civil action for damages against organisations, irrespective of the organisations’ intent.
How will POPIA affect me?
If you are a business owner, you will have to ensure that you comply with the legislation to avoid legal penalties. You may need to review how you collect and use data, while also ensuring that you take the necessary steps to protect it by strengthening your data and information security.
For consumers, you now have specific rights in terms of how organisations handle your personal information, and you also have more control over your personal information. Since companies are no longer allowed to sell your information, you will likely receive less spam and unsolicited robocalls. You are empowered to make more informed decisions about what personal information is collected, who collects it and what they intend to do with it.