Maryna holds the BA, LLB, LLM degrees and is a Director at the Cape Town branch of STBB. She is an admitted Attorney, Notary Public, Conveyancer and Insolvency Practitioner with many years of experience in the fields of property law, conveyancing and the laws relating to corporate compliance (especially in respect of the FICA and POPIA laws). Up until 2018 she was also head of the firm’s national marketing portfolio. She is a seasoned public speaker and presenter, both in person and online. She prepares text for the majority of STBB’s internal and external publications and is editor and co-writer for two pivotal publications in the South African real estate industry – the ABC of Conveyancing (JUTA) and Delport’s South African Property Law and Practice (JUTA).


In our Compliance Unit at STBB, I resist alarmist communication to business owners regarding their POPI or POPIA (the Protection of Personal Information Act) compliance obligations.  It is indeed the large proverbial elephant that must be served and digested before 1 June 2021, but it is relatively easily achievable if the business management has the right mindset, a healthy POPI appetite. This is best achieved by knowledge and understanding of the requirements of POPIA, rather than fuelled by threats of financial penalties and reputational damage.

In this month (November 2020), our Compliance Unit will publish four weekly notes to demystify some misconceptions that we encounter in our dealings with clients, and our weekly blog will elaborate on the titles. The four topics are:

  1. Complying with POPI is a big business worry only
  2. Step up IT security to comply with POPIA
  3. One-size-fits-all bundles are okay to achieve POPI compliance
  4. POPI is unnecessary red tape and another way for government to get at businesses

Our Thought of the Week on 3 November addressed the first topic, so let’s elaborate thereon.



The reason why the vast majority of businesses will need to comply with POPIA is because they collect and process personal information of ‘data subjects’ for some or other function of the business. Viewed against a POPIA background, the latter makes up a big chunk of the elephant to digest. I say this because the words used in the Act are defined to stretch wide:

  • Data subjects’ are living human beings as well as entities, such as companies, close corporations and trusts.
  • ‘Processing’ of information includes almost any activity with personal information, for example, where the business collects personal information from a client, customer, employee or service/goods provider to the business, and uses it to issue an invoice or receipt, create a client ledger, to perform a service for the client, to provide a reference for a previous employee, and so forth. The information is typically recorded on paper, or in a computer, stored for a given period, and later deleted or destroyed. Each of the underlined activities constitutes ‘processing’ of personal information. In the industry, one often explains to clients that processing’ of personal information refers to the whole lifecycle of the information in the hands of the business.
  • ‘Personal information’, in turn, is defined to include any piece of information imaginable as long as it relates ‘to an identifiable, living natural person, and where it is applicable, an identifiable, existing juristic person’.

Thus no matter the size of the particular business, as soon as personal information of clients, employees and service providers are ‘processed’, compliance with POPIA is required. It is likely to be applicable to 99,9% of businesses: book shops, restaurants, hairdressers, furniture shops, online sales platforms, consulting services, accounting services, second-hand goods shops, attorney firms, estate agents, engineering firms, schools, homeowners’ associations, coffee shops, laundromats, training colleges, printing businesses, libraries – it is a long and varied list.

Contact writer should you have enquiries or need information on complying with POPIA at


For the best legal advice and personalised service, let's talk
Subscribe to our monthly newsletters, subscribe