Maryna holds the BA, LLB, LLM degrees and is a Director at the Cape Town offices of STBB. She is an admitted Attorney, Notary Public and Conveyancer with many years of experience in the field of property law and conveyancing. She is also the firm's Marketing Director and attends to external publications for the firm as well as conducts ongoing training for estate agent and bankers training and is a regular seminar presenter for attorneys and property practitioners.


As a business owner, it is likely that you are receiving your fair share of invitations to utilise services of quick-fix tools to facilitate and simplify your path to comply with POPIA (Protection of Personal Information Act 4 of 2013). It ranges from online self-assessments to autogenerated policies. Whilst many such offerings have invaluable components they are at the same time akin to aligning your future with the daisy’s answer to he-loves-me he-loves-me-not.  It’s far too risky.

The answer to why this is so is two-pronged: first, every business is unique and the collection, use and management of the personal information that it collects, often inadvertently, will differ from business to business. Secondly, to comply with POPIA requires that whatever privacy protection measures are put in place, must be relevant to that organisation’s day to day affairs.

Think of it in this way: from a POPIA point of view, collecting personal information for gym contract applicants, differs vastly from the data obtained from a client to sign up for a retail club card (such as a Clicks club card), which in turn is equally distinct from recording details of a student enrolling at a technikon. The collection of email addresses by a restaurant with the intention to use it for future promotions, by a managing agent for purposes of sending invoices to owners in schemes, or by a pharmacy for purposes of notification of repeat scripts, are other examples of processes that appear very similar, but which cannot be likened under POPIA.

Each business must therefore approach POPIA compliance with introspection into its own business footprint. Failing this, a one-size-fits-all approach in an attempt to comply with POPIA risks missing the nuances that present. Working on POPIA compliance just for the sake of doing it, will probably be insufficient, frustrate your employees and management team, as well as waste precious time, resources and money on false starts. It is better to adopt a proper due diligence approach and appoint an attorney or consultant to assist with your compliance challenges from the outset.

Contact us at should you have enquiries or need assistance in your journey to comply with POPIA.

For the best legal advice and personalised service, let's talk