Everlytic POPIA Q&A: Who’s Responsible for POPIA Compliance?

1. If the marketing department sends marketing to leads gathered by other departments and it turns out there wasn’t an opt in, who will get into trouble?

Your Information Officer, who is your CEO, and the company could also get heavily fined. If you’re receiving new leads from another department, it’s your responsibility to determine where the leads came from, what they’ve given permission for, and whether they’ve been given the opportunity to opt out.

2. Can information officers be fined in their personal capacity?

It is possible if they completely ignore the Regulator and their POPIA duties. Usually, the organisation is fined. It’s also very rare to be imprisoned; this may only happen if someone outright ignores the Regulator, doesn’t respond to information requests, or similar.

3. I’m getting someone else’s statements by accident (15 to 20 per week). I have tried everything to get them to correct their email address, but to no avail. Now I’m just dumping them. Who is responsible?

The company that is sending you these statements is responsible and they can get into huge trouble — that is a data breach.

4. As an agency, where does the responsibility lie? If the client has guaranteed the compliance of their database to which the agency markets, can the agency take them at their word?

POPIA distinguishes between the Responsible Party and an Operator or Data Processor. An agency, in this example, is a Data Processor: they’re doing what the Responsible Party tells them to do.

5. If we are sending on behalf of a client, who is responsible for the protection of the data?

From a security perspective, you’re responsible. From a privacy standpoint, you may not be. It is up to the client to ensure that they have permission from that contact to receive communications.





Marketing automation software that enables data-driven and hyper-personalised communication via email and SMS.