Skip to Main Content

Research Data Management (RDM): The POPI Act

UCT Libraries Research Data Services provide guidance and support for all aspects of the data lifecycle, from planning your data management strategy during the proposal phase through preserving your data at the conclusion of your project.

The POPI Act

The POPI Act

The Protection of Personal Information (POPI) Act (No. 4 of 2013) is a governmental regulation designed to protect the personal information of South African citizens, similar to the General Data Protection Regulation (GDPR) in Europe. If you are collecting personal information of SA citizens (for instance, through interviews or focus groups, or surveys that collect identifiers such as names, contact information, etc.), you need to ensure compliance with the POPI Act.
 
The core focus of POPI in a research context is ensuring that if personal identifiers must be collected, they need to be stored in a secure, access-controlled location to prevent the data being harvested and used by third parties. POPI does not prevent open data sharing - in fact, open data sharing, by virtue of the need to remove personal identifiers from shared datasets, complies entirely with POPI. In research, POPI impacts more on research process, such as being strategic in storing only de-identified datasets on cloud storage, and ensuring that on-site storage (personal harddrives, external harddrives, the UCT G Drive) is strictly access-controlled to named and designated individuals to ensure data protection.
 
Further general reading about the POPI Act are available below:
  1. http://www.popiact-compliance.co.za/popia-information
  2. https://www.justice.gov.za/inforeg/docs/InfoRegSA-POPIA-act2013-004.pdf
  3. http://www.popiact-compliance.co.za/popia-information/14-transfer-of-personal-information-out-of-south-africa