Access to information and the protection of certain types of personal information rights in South Africa are entrenched in the Constitution and are mainly regulated by the Promotion of Access to Information Act (PAIA) and the Protection of Personal Information Act (POPI). All entities must be POPI compliant by the end of June 2021 or face harsh penalties. 

The POPI Act is South Africa’s equivalent to the European Union General Data Protection Regulation (EU GDPR). The Act sets a number of conditions for you to lawfully process the personal information of data subjects (both juristic and natural persons).

The POPI Act has the biggest impact on organisations that process loads of personal information, especially personal information, account numbers, children’s information, etc. and the most affected industries are healthcare, financial services and marketing. Every business and organisation, irrespective of their nature, have in their possession certain information that must be protected in their own interest, which include but is not limited to–

  • business trade secrets
  • personal information of other entities or individuals, such as employees, clients, customers, etc.

The POPI Act will be regulated by an Information Regulator, with your organisation’s Information Officer being the key person who must ensure compliance.

Failure to comply with this legislation could have far-reaching criminal and civil implications for the organisation’s head and directors. Businesses are compelled by law to compile, submit and streamline certain documents on a regular basis.

For businesses and organisations to be fully information compliant, they will have to assess all of the following:

  • Commercial activities
  • Agreements
  • Employment contracts and policies
  • Corporate governance documents and structures
  • Skills level of staff

Need assistance with popi compliance?

The Coronavirus pandemic has forced many companies to allow staff to work from home. This poses significant data and information breach risks to companies and place additional compliance requirements on all business entities. Alignment across the total spectrum of organisational activity is therefore essential for businesses and organisations to survive in an ever-growing and regulated technologically advanced and challenging environment. 

Policies developed in terms of the PAIA and POPI are very important legal documents and require specialised attention to withstand future legal scrutiny and fully protect the business or organisation. These documents form the foundation of information compliance, while the synergy and alignment of all documents form the cornerstone of protection.

SERR Synergy assists businesses and organisations to compile and update information manuals as required by PAIA, and also assists entities to fully comply with procedures as required by POPI by setting up information security management systems policies where the physical information and cybersecurity risks of organisations are identified and managed to maintain the confidentiality, integrity and legitimate availability of data.

Whilst the focus of the POPI Act is on compliance, our approach is to implement compliance in such a way that it delivers business value and doesn't become a cost centre or overhead, but rather allows for improvements in efficiencies and effectiveness so as to meet the POPI compliance requirements.

In addition to our Information Compliance service offering, we also offer businesses Information Compliance training that includes training on POPI, PAIA and Consumer Law compliance requirements. For a quotation on our Information Compliance training, please contact us or refer to our Information Compliance Service Agreement for more information.


Contact Us for more Info

Information compliance solutions for businesses

Compiling and updating information manuals as required by POPI and PAIA. 

Our value-adding popi and paia service

All services and legal work relating to the implementation of your customised Information Compliance strategy are included in our fees. 

The following services are included:


  • Compiling an Information Manual as required by the Act
  • Submission of the Manual to the Information Regulator
  • Providing the Manual in electronic format for publishing on the client’s website
  • Registration of Information Officer with Regulator
  • Issuing of compliance certificate
  • Updating the Manual on an annual basis
  • Submitting and publishing the updates
  • Assisting with enquiries and requests in terms of the Act
  • Assisting with disputes and enforcement by the Regulator


Assisting the entity to comply fully with the following procedures as required by the Act:

  • Assisting the entity to comply fully with Protection of Personal Information legislation
  • Conducting a Risk Assessment Audit
  • Compiling a Risk Assessment Report
  • Providing legal compliance policies and agreements
  • Registration of Information Officer with Regulator
  • Issuing of compliance certificate
  • Annual updated audit and amendment of policy and strategic assessment reports
  • Assistance with any disputes regarding implementation of legislation
  • Assistance with any disputes or enforcement aspects by the Regulator

INFORMATION COMPLIANCE TRAINING (*once off training and excluded from the above service offering)

Please note, in addition to our Information Compliance service offering, we also offer Information Compliance training that includes training on POPI, PAIA and Consumer Law compliance requirements. For a quotation, please contact us or refer to our Information Compliance Service Agreement for more information.

Download Information Compliance Brochure

Online Resource & News Portal