Maryna holds the BA, LLB, LLM degrees and is a Director at the Cape Town branch of STBB. She is an admitted Attorney, Notary Public, Conveyancer and Insolvency Practitioner with many years of experience in the fields of property law, conveyancing and the laws relating to corporate compliance (especially in respect of the FICA and POPIA laws). Up until 2018 she was also head of the firm’s national marketing portfolio. She is a seasoned public speaker and presenter, both in person and online. She prepares text for the majority of STBB’s internal and external publications and is editor and co-writer for two pivotal publications in the South African real estate industry – the ABC of Conveyancing (JUTA) and Delport’s South African Property Law and Practice (JUTA).


As a business owner, it is likely that you are receiving your fair share of invitations to utilise services of quick-fix tools to facilitate and simplify your path to comply with POPIA (Protection of Personal Information Act 4 of 2013). It ranges from online self-assessments to autogenerated policies. Whilst many such offerings have invaluable components they are at the same time akin to aligning your future with the daisy’s answer to he-loves-me he-loves-me-not.  It’s far too risky.

The answer to why this is so is two-pronged: first, every business is unique and the collection, use and management of the personal information that it collects, often inadvertently, will differ from business to business. Secondly, to comply with POPIA requires that whatever privacy protection measures are put in place, must be relevant to that organisation’s day to day affairs.

Think of it in this way: from a POPIA point of view, collecting personal information for gym contract applicants, differs vastly from the data obtained from a client to sign up for a retail club card (such as a Clicks club card), which in turn is equally distinct from recording details of a student enrolling at a technikon. The collection of email addresses by a restaurant with the intention to use it for future promotions, by a managing agent for purposes of sending invoices to owners in schemes, or by a pharmacy for purposes of notification of repeat scripts, are other examples of processes that appear very similar, but which cannot be likened under POPIA.

Each business must therefore approach POPIA compliance with introspection into its own business footprint. Failing this, a one-size-fits-all approach in an attempt to comply with POPIA risks missing the nuances that present. Working on POPIA compliance just for the sake of doing it, will probably be insufficient, frustrate your employees and management team, as well as waste precious time, resources and money on false starts. It is better to adopt a proper due diligence approach and appoint an attorney or consultant to assist with your compliance challenges from the outset.

Contact us at should you have enquiries or need assistance in your journey to comply with POPIA.

For the best legal advice and personalised service, let's talk
Subscribe to our monthly newsletters, subscribe