The POPI Bill – Impending Doom or a Marketing Opportunity?

Posted on: in Internet Marketing The Formula Digital Marketing

You’ve probably heard about it by now – the POPI Bill – or Protection of Personal Information Bill.

Some businesses know that in some vague way, the POPI Bill applies to them, but most believe that only larger organisations such as banks, large retailers, telecoms providers and insurance companies will be affected by the POPI Bill.

This is not true. The POPI Bill applies to all organisations – large and small. If you are sending marketing communications via email or SMS, then listen up because the POPI Bill applies to you!

Lets define POPI!

On the 22nd August 2013, the South African Parliament approved the POPI Bill and released the following statement:

The Bill gives expression to the right to privacy provided for in the Constitution. The right to privacy includes the right to protection against unlawful collection, retention, dissemination and use of anyone’s personal information. The Bill is comprehensive and regulates the manner in which personal information may be processed, by establishing conditions in harmony with international standards that prescribe the minimum threshold requirements for the lawful processing of personal information”.

In other words, the POPI Bill is intended to regulate how personal information is collected, stored and used.

Taking the definition further, the term ‘Personal Information’ refers to any information relating to a natural person or a juristic person (such as a company). This information includes:

  • Contact Details: email, telephone number, cellphone number, postal/physical address
  • Demographic Information: age, gender, race, birth date
  • Personal History: identification number, education, employment, medical history, financial information, HR data
  • Biometric Information: blood type, fingerprints, iris/retina, facial recognition
  • Communications: correspondence (such as email records), opinions etc.

Although final sign-off by the President remains pending, forward thinking, risk aware organisations are already putting systems in place to ensure that they comply with the requirements of POPI throughout all aspects of their organisation.

Once the President has signed the POPI Bill off, companies will have just one year to ensure full compliance with the Bill.

Why non-compliance with POPI is a serious business risk

The Risk of Legal Action

Ask yourself this: is sending that unsolicited email in the hopes of generating some business really worth jail or a debilitating fine?

A governing body dedicated to the POPI Bill – The Information Regulator – is set to be launched in the near future to manage consumer complaints, queries and appeals. This body will have the authority to issue fines for non-compliance – fines to the tune of R 10-million, as well as motivate the imprisonment of an offending party for up to 10 years.

The South African government is taking this Bill very seriously – and so should you!

The Risk of a Sullied Reputation

According to Deloitte, Reputation is now seen globally, as a top strategic risk!

By not complying with POPI, your organisation runs the risk of doing some serious and irreversible damage to your reputation. We have all had the experience of being contacted seemingly ‘out of the blue’ by an insurance, or cellular company. Think about your emotions when this has happened to you. Do you want that emotion to be associated with your brand?

Industries, as well as companies in addition to facing the legal ramifications of unsolicited contact, will also entrench a tarnished reputation in the market. A company that has not implemented the correct measures to safely acquire, store and use personal information, will be seen as unprofessional and untrustworthy.

In today’s tough economy, no company can afford this. Successfully keeping your nose clean, is becoming increasingly important.

Acquiring, maintaining and storing info – POPI style…

Most of us use either email or SMS, or a combination of the two as a means to advertise our products and communicate with prospects and customers. Historically, we’ve obtained this details in a variety of ingenious ways. A few examples include:

  • Newsletter subscriptions online
  • Client / prospect databases belonging to sales staff
  • Purchased email  / mobile phone lists
  • Attendee lists from events
  • Prospect details obtained during sales calls / meetings
  • Business cards collected at trade shows
  • Referrals received from industry partners
  • Contact details obtained at an online point of purchase

How many of the contacts on our marketing lists have never been asked to ‘opt-in’ to our communications? The POPI Bill aims to ensure complete transparency and 100% approval for every communication sent out.

In addition, we are now required to ensure that we only collect personal information for a specific purpose, as well as ensure that this information is stored within a secure environment.

Information may only be collected and kept with the permission of the contact and no onward distribution of that information is allowed, unless again with specific, written consent of the contact.


Here’s what to do to comply POPI style:-

Qualify your current contacts - if you already have a client or prospect database in place, think about sending a communication to that database, requesting that individuals confirm their willingness to receive your communications (this will cover the ‘opt-in’ requirement), while providing them with an opportunity to update their details.

Be transparent - When asking new or existing clients and prospects to opt-in to your communications, be sure to confirm what information you intend keeping on record and how you intend to keep and safe-guard that information. And above all, ensure that you stick to your promises! Should The Information Regulator decide to run an audit on your environment, you’ll want to emerge squeaky clean!

Provide the option to opt-out - If you are using best practice in your electronic marketing communications, you will already have a fully functioning and efficient ‘unsubscribe’ or ‘STOP’ feature. Be sure that your opt-out function works first time, every time. Once an individual has decided that they no longer wish to receive your communications, a single request to opt-out is all that should be required of them.

Keep information current - One of the requirements of POPI is to keep personal information up-to-date, so ask your clients and prospects to confirm or update their details with you every few months.

Be specific - POPI requires companies to keep personal information for a specific purpose. Rather than maintaining a general database which you use to communicate a range of services or information, enable your database to choose what information they wish to receive. For example they may wish to receive a monthly newsletter from you, but not your weekly specials list.

While POPI may appear somewhat of a drag, it is in truth a boon for marketers and consumers alike. For marketers, we get to send targeted communications to a group of people who are genuinely interested in receiving them. POPI will hopefully result in a reduction in spam, which means that marketing communications delivered to our prospects will be easier for them to find and will be welcomed, as opposed to being seen as an intrusion.

The trick is to embrace this change and use it to our advantage.

For more information on POPI, visit:

Do you need help to ensure your marketing strategies are compliant with the new POPI Bill?  Give Garth Dahl or Shiraz Khatib a call on 021 556 5661 or email us: – our consultations are free and we look forward to keeping your company abreast of the latest trends in marketing!


Comments are closed.