Original Research

Enforcement of the Protection of Personal Information (POPI) Act: Perspective of data management professionals

Agbor T. Kandeh, Reinhardt A. Botha, Lynn A. Futcher
South African Journal of Information Management | Vol 20, No 1 | a917 | DOI: https://doi.org/10.4102/sajim.v20i1.917 | © 2018 Agbor T. Kandeh, Reinhardt A. Botha, Lynn A. Futcher | This work is licensed under CC Attribution 4.0
Submitted: 14 September 2017 | Published: 09 October 2018

About the author(s)

Agbor T. Kandeh, Centre for Research in Information and Cyber Security, Department of Information Technology, Nelson Mandela University, South Africa
Reinhardt A. Botha, Centre for Research in Information and Cyber Security, Department of Information Technology, Nelson Mandela University, South Africa
Lynn A. Futcher, Centre for Research in Information and Cyber Security, Department of Information Technology, Nelson Mandela University, South Africa

Abstract

Background: The urgency to enforce the Protection of Personal Information (POPIAct is building up within South Africa, triggered by the appointment of the Information Regulator for POPI on 01 December 2016. However, for data management practitioners, the absence of a practical guideline on how to legally process personal information of employees, customers or other juristic persons in line with the POPI Act poses a day-to-day technical challenge, especially for those embarking on a maiden journey to comply with the POPI Act.

Objectives: The objective of this article is to explore and analyse the unique perspectives of data management professionals who are vested with the responsibility of driving the successful enforcement of the POPI Act within their respective organisations, with the end goal of formulating a practical guideline for the enforcement of the POPI Act.

Method: To achieve the objectives of this research article, semi-structured interviews were conducted with a purposive, convenience sample of 16 data management professionals within companies in South Africa. A recording of their views was obtained through one-on-one interviews and a group interview.

Results: From the semi-structured interviews, group interview and response to the questions, several findings and learnings were elicited. Zooming into these findings showed close similarities in the actions taken by data management professionals operating in a similar industry. Based on these results, a high-level sequence of steps on how to enforce the POPI Act was formulated.

Conclusion: Based on the formulated sequence of steps, it is safe to conclude that the actions of data management professionals can be used to create a practical guideline to enforce the POPI Act. However, to standardise these guidelines across the data management function, there is a need to perform testing with a wider spectrum of data management professionals.


Keywords

POPI Act; privacy; enforcement; data management; information security

Metrics

Total abstract views: 6427
Total article views: 7599

 

Crossref Citations

1. Emerging South African smart cities: Data security and privacy risks and challenges
Francois P. Cornelius, Shandre K. Jansen van Rensburg
South African Journal of Information Management  vol: 26  issue: 1  year: 2024  
doi: 10.4102/sajim.v26i1.1847

2. Examining the impediments to compliance with the Botswana Protection Act at the Botswana Unified Revenue Services (BURS)
Manyeke Manyeke
Records Management Journal  year: 2025  
doi: 10.1108/RMJ-12-2024-0061

3. RETRACTED: Examining the predictive relevance of security, privacy risk factors, and institutional logics for e‐government service adoption
Anass Bayaga
THE ELECTRONIC JOURNAL OF INFORMATION SYSTEMS IN DEVELOPING COUNTRIES  vol: 88  issue: 1  year: 2022  
doi: 10.1002/isd2.12201

4. A framework of ethical issues to consider when conducting internet-based research
Liezel Cilliers, Kim Viljoen
SA Journal of Information Management  vol: 23  issue: 1  year: 2021  
doi: 10.4102/sajim.v23i1.1215

5. Perceptions and motivational factors of Chinese coffee consumers towards robot baristas: a Technology Acceptance Model 2 perspective
Ka Leong Chong, Ge Zhang
Journal of Hospitality and Tourism Insights  vol: 8  issue: 1  first page: 350  year: 2025  
doi: 10.1108/JHTI-01-2024-0126

6. The Need for Inclusive Education and Teacher Support in Mainstream Classrooms: The Perspectives of Teachers in KwaZulu-Natal Province
Kavitha Govender, Julie Shantone Rubbi Nunan
Curriculum and Teaching  vol: 40  issue: 1  first page: 25  year: 2025  
doi: 10.7459/400103

7. The challenges in employing digital marketing as a tool for improving sales at selected retail stores in the transkei region
Mpumzi Guzana, Steven Kayambazinthu Msosa
EUREKA: Social and Humanities  issue: 3  first page: 3  year: 2022  
doi: 10.21303/2504-5571.2022.002389

8. Protection of Personal Information Act in Practice: A Systematic Synthesis of Research Trends, Sectoral Applications, and Implementation Barriers in South Africa
Gugu G. Sema, Pius A. Owolawi, Oludayo O. Olugbara
Sustainability  vol: 17  issue: 19  first page: 8529  year: 2025  
doi: 10.3390/su17198529

9. Information sharing and information quality in Southern African humanitarian supply chains during disaster response
Marni de Wet, Wesley Niemann, Carla Schutte
Acta Commercii  vol: 25  issue: 1  year: 2025  
doi: 10.4102/ac.v25i1.1323