Cyber Doc logo Cyber Doc
Cybersecurity Term

What is POPIA?

South Africa’s privacy law for protecting personal information and handling it responsibly.

Risk & Compliance Last reviewed: 2026-05-20

← Back to Learn Centre

What is POPIA?

POPIA is South Africa’s privacy law that deals with how personal information should be collected, used, protected, stored, and shared.

Simple example

A business that stores client names, ID numbers, contact details, or financial information needs to handle that information responsibly.

Why it matters

Cybersecurity supports POPIA because personal information must be protected against loss, damage, and unauthorised access.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Know what personal information the business collects.
  • Limit access to personal information.
  • Protect systems that store personal information.
  • Keep retention and deletion practices clear.
  • Prepare a breach response process.

Reactive steps

  • Assess what personal information may be affected.
  • Contain unauthorised access or disclosure.
  • Preserve evidence and timelines.
  • Consider notification obligations with appropriate advice.
  • Improve controls to reduce recurrence.

Related terms

  • Personal information
  • Data breach
  • Risk