Is your website POPIA compliant ?

Is your website POPIA compliant

To all our clients – please contact us for updates and maintenance and to get your website POPIA compliant. 


  • Add a PRIVACY POLICY document to your website.
  • Add a COOKIES POLICY section to your privacy policy.
  • Your website must present a COOKIES OPT-IN.
  • Add a TERMS OF USE section to your privacy policy
  • Add a PAIA MANUAL document to your website

POPI Act in South Africa – As of the 1st of July 2021, all South African companies need to be POPIA compliant. The operative provisions of the Protection of Personal Information Act (POPIA) came into effect as of 1 July 2020, with a grace period of a year in which companies must ensure that they are actively compliant.

POPIA and GDPR are data privacy laws that affect all business websites that collect data. The regulations are there to protect the online privacy of visitors and it covers how personal data is used and extracted when users visit and interact with a website.

Websites collect information in various ways and if a site uses analytics, opt-in forms, WordPress forms or email marketing, then they are collecting personal information. It is essential for businesses to obtain consent from visitors to collect and process their personal information.

Without consent, they cannot share this information with their marketing team as these regulations have been designed to protect people against data breaches. To avoid massive fines and lawsuits, businesses need to comply by informing users about the data that their website collects.

Here are some key areas that business leaders should review and discuss with their web development team.

  • Business websites must explicitly disclose if they are collecting personal data
  • They must inform visitors about why, how and where they store and process this personal data
  • Visitors may request a copy of the personal data collected from them
  • Visitors may request to have their personal data erased
  • Businesses must report serious breaches within 72 hours.

More importantly, they need to review all data collection points on their website. This could include the registration page, IP addresses, a checkout page and other analytics. It is critical to cover all these areas and to obtain consent to collect information.

Please note that you and your company also have to be compliant with the POPI Act. The following measures have to be in place:
1. Registration of an Information Officer
2. Implementation of a detailed Privacy Statement
3. Implementation of Consent forms for all of your clients, consenting to you processing their personal information.
4. Implementation of Consent forms for all of your employees, stating that they are aware of the POPI Act and the rights and responsibilities that it carries.
5. Implementation of measures in your office to ensure that you are compliant with the POPI Act.


The latest version of WordPress has built-in privacy and compliance features as part of its core. Merely by updating WordPress, one could ensure a higher level of compliance. Some new key features of WordPress include explicit consent, new data erase and export features and a policy generator.

WordPress previously stored data to ensure that people did not have to retype their personal information when making a new comment. Now, people have to click a checkbox to ensure their personal data is stored and reused.

The data export and erase feature enables businesses to easily export a user’s information into a .zip file or completely erase it from the database. This feature helps simplify managing visitor’s personal information.

WordPress also offers a privacy policy template that enables one to create an information page for visitors as to what data is stored and how the business manages it.


WooCommerce also offers built-in tools to manage user privacy. One can enable the options for personal data retention, data erasure and a privacy policy. It is now easy to add the necessary information and disclosure to a WooCommerce privacy policy, especially related to shopping and payment security.

Contact forms

Visitors should be made aware that your site will collect their personal information when they complete any contact forms including registration forms and opt-in forms. One can easily create a tick box to accept the terms of service.


One also needs to inform visitors that your website collects cookies.


Businesses must inform visitors about any policy updates or data breaches, this can be done via email.


Third-party services or plugins like Google Analytics and Google Adwords need to be managed correctly, one needs to anonymise the data before storage and processing. This could be complicated but there are POPIA and GDPR compliant plugins available, they automatically connect Google Analytics to your website and they can make data anonymisation easy.

Online payments

E-commerce businesses likely use a payment gateway and your own website may be collecting personal data before passing it on to the payment gateway. If so, the regulations require you to remove any personal information after a reasonable period.


Compliance reassures visitors, they are likely to share personal information when they understand how your will use their information. Adding compliance policies will certainly benefit your business, it will prevent future data breaches and protect personal and company information.

Open chat

Do you need a website or website maintenance?

Chat to us!