POPIA and Your Website: What SA Business Owners Must Know

POPIA applies to your website — even if you are a sole proprietor

The Protection of Personal Information Act came into full effect in July 2021. It governs how any person or organisation in South Africa collects, uses, stores, and protects personal information. If your website has a contact form, a quote request, or any mechanism for collecting visitor information — POPIA applies to you. This includes sole proprietors, micro businesses, and one-person operations.

What counts as personal information under POPIA?

• Full names, surnames, and ID numbers
• Email addresses and telephone numbers
• Physical and postal addresses
• IP addresses — collected automatically by Google Analytics on almost every website
• Race, gender, health information, and other special personal information categories

What your website must have to comply

A Privacy Policy page

Your website must clearly explain what personal information you collect, why you collect it, how it is stored and protected, how long you retain it, and who you share it with. This policy must be accessible from every page — typically via a footer link.

Cookies disclosure and consent

If your website uses cookies — and any site using Google Analytics does — you must inform visitors and obtain consent for non-essential cookies. A cookie notice with accept and decline options satisfies this for most small businesses.

HTTPS encryption

All data collected via your website must be transmitted securely. HTTPS is mandatory. A website still running on plain HTTP is a POPIA compliance issue, not just an SEO problem.

A process for data access requests

Individuals have the right to request what data you hold on them and to request deletion. You need a mechanism for this — even a dedicated email address documented in your Privacy Policy.

POPIA penalties

POPIA is enforced by the Information Regulator of South Africa. Penalties for serious breaches can reach R10 million. The Information Regulator has been increasingly active since 2022. This post provides general information only and does not constitute legal advice.

What Mint includes as standard

Every Mint website is built with HTTPS via SSL, a POPIA-compliant Privacy Policy page, and secure form submission. View our own policy at mintagency.co.za/privacy-policy as an example.