What you can do now to protect your practice under POPI

  • POPI compliance is due to become obligatory for every business, organisation, or company which gathers, stores or utilises the personal information of citizens throughout South Africa.
  • “POPI” refers to the Protection of Personal Act, 2013.
  • Most medical practices are already health record protection-compliant. Section 17(1) of the National Health Act, 2004 stipulates that “The person in charge of a health establishment in possession of a user’s health records must set up control measures to prevent unauthorised access to those records and to the storage facility in which, or system by which, records are kept.”

Key differences pre- and post POPI

Key difference pre- and post-POPI will be (not an exhaustive list):

  • POPI is applicable on the processing (processing means the whole life cycle of information gathered) of all personal information, not just health records.
  • Medical practices need to take accountability for the processing of all personal information. That means that you must ensure that the Conditions for the Lawful Processing of Personal Information, plus all the measure that give effect to that conditions, are complied with during the determination of the purpose and means of the processing and during the processing itself. You must be able to physical show to the Information Regulator what you did to comply.
  • The size of the fine you are likely to incur if a data breach occurs.

What you can do now to protect your practice under POPI

  • A positive attitude is a crucial element for POPI compliance
  • As for general recommendations, your first and last steps towards compliance are the same: people. Whether it’s assigning an Information Officer or offering data protection training to staff, education is crucial.
  • Start implementing the necessary documentation to be able to proof that you are compliant.

How we can help you?


Start an awareness campaign by letting your staff attend 1 or both our specific POPI Compliant seminars. Look at the details:

  • Seminar 1: Privacy & Information Security Awareness in the Healthcare Practice. Details here
  • Seminar 3: Making Sense of the PAIA and POPI Acts in the Healthcare Practice. Details here

Step 2:

You can either implement POPI by yourself or asked us to do everything for you. All you need is GO PIXEL’s POPI DOCUMENTATION TOOLKIT, along with included guidance and support. Read more here about the different options available.

Can you implement POPI by yourself?

  • You really can implement POPI by yourself.
  • All you need is GO PIXEL’s POPI DOCUMENTATION TOOLKIT, along with included guidance and support.
    • Our toolkit was developed for ease of use and to be understandable, with no expert knowledge required.
    • We eliminate the stress and headache that can come with doing it yourself, and you’ll eliminate the huge price tag that comes with a consultant.
    • We’ve calculated your savings, and we estimate that you will save over 90% compared to the cost of a consultant.
    • We will meet with you regularly – will tell you where to start, what the next steps are, and how to resolve any issues you may face. You can meet via email, subscribe to our newsletter or through any other means at your convenience.
    • Reach out to us at any time during your implementation project with unlimited email support, and have your questions answered by us within 24 hours.
    • Once you complete your documents, let us review them – we’ll provide you with feedback and indicate what needs to be improved.


  • “The session was very informative and an eyeopener to me. I now know better and will do better.”
  • “Enjoyed the knowledge of the Adv.”
  • “Thank you again for yesterday’s very ‘informative’ workshop.”
  • “The lecture given by you was very informative, thank you.”
  • ” Very informative – important application for practice. Thank you”

Leave a Reply

Your email address will not be published. Required fields are marked *