As a web designer I am not qualified to make legal suggestions but I have noticed that many website owners are not aware of the legal requirements when they have a website. This article is a summary of what is expected, why, who it relates to and what is needed.



The POPI Act is the protection of personal information Act 4 of 2013 which comes into effect 1 July 2021.

This legislation is aimed at regulating the processing of personal information in a manner which gives effect to people’s right to privacy.

Processing refers to any activity concerning personal information, whether you collect client info when they purchase a product on you website or if you simply use cookies on your website.

Section 18 requires that you notify people who you collect information from in the following manner:

  • Which information you collect, disclose FB tracking,  or the use of couriers.
  • The name and address of the responsible party
  • The purpose for collecting the information
  • Whether supply of the information is mandatory or not
  • The consequences of failure to provide the information
  • Recipient of the information
  • Existence of the right to object to the processing of personal information
  • Right to lodge a complaint  to the Information Regulator.

 There are 8 conditions to process information 

  1. Implement proper processes and policies.
  2. Only collect what you are entitled to.
  3. Do not retain info longer than necessary.
  4. Do not use info for something other that what is in procedures and consents.
  5. Processes and access of client to email so that they my contact you to change their personal information.
  6. Disclosure policies.
  7. Loss of damage of personal info.
  8. Allow clients access to their personal information on request.

In the event of a data breach you have to disclose to your clients that their information has been breached.

Each business has to register for POPI. Click here to go to the registration portal.

It is the responsibility of the person that owns the website to implement the proper policies and regulations, to register your business in the portal and to instruct the web designer to add those policies to the website.

The information regulator will enforce and police the law.

Section 69 indicates that you may direct market to a client without them opting in to marketing provided they have ways to opt out.

Ensure that anywhere that you collect information on your website there is a blurb with your privacy policy.


  • Website privacy policy.
  • Operator agreement (when external person has access to personal information)
  • Internal workplace policy (larger companies)
  • Information Officer Registration


This is a legal document that can be obtained from your lawyer or if the budget does not allow here are some available online. 


At Web Chameleon we can add these policies to your WordPress website.


The resources used for this blog post is:

  • (Kyle Torrington registered attorney)