POPIA compliance hub

POPIA compliance: check it, score it, fix it

The Protection of Personal Information Act applies to virtually every South African business that holds a customer's name, email, or ID number. Start with what the Information Regulator sees first — your website — then score the rest of your business. Free, no sign-up.

We scan publicly visible pages only and email the report to you. No signup needed.

Then score the rest of your business

The fix path, in order

  1. 1

    Register your Information Officer— free, ~30 minutes on the Regulator's eServices portal. Usually the owner or CEO. Step-by-step guide.

  2. 2

    Publish a PAIA manual and a POPIA-grade privacy notice on your website — the two things anyone checking you looks for first.

  3. 3

    Get consent in order — cookie/tracking consent on the website, opt-ins on your forms, operator agreements with providers that process data for you.

  4. 4

    Keep it that way — ClearComply tracks 12+ compliance requirements across POPIA, PAIA, CIPC, SARS, UIF, COIDA and B-BBEE, alerts you before every deadline, and tells you the moment your status changes. R99/month, cancel anytime.

Start tracking my compliance

Rather have it done for you? Request POPIA assistance and we'll match you with a specialist.

Go deeper

Quick answers

How do I check if my business is POPIA compliant?

Start with the two free checks on this page: the website check scans your site for the visible POPIA requirements (privacy notice, PAIA manual, Information Officer details, consent), and the self-assessment scores your business across all 8 POPIA Conditions using the Information Regulator’s own framework.

Is Information Officer registration really free?

Yes. Registering your Information Officer with the Information Regulator is free and takes about 30 minutes on the Regulator’s eServices portal. By default your Information Officer is the most senior person in the business — usually the owner or CEO.

Does my small business need a PAIA manual?

Yes — every private body must compile a PAIA section 51 manual and make it available, typically on your website. It describes what records you hold and how someone can request access to them.

What happens if my business ignores POPIA?

The Information Regulator can fine up to R10 million and has already issued R5 million fines. It is running proactive compliance assessments, and an ignored enforcement notice is a criminal offence. Most SME gaps — Information Officer registration, a PAIA manual, a POPIA-grade privacy notice — are cheap and quick to close.

The tools on this page are self-checks, not legal certifications of POPIA compliance. For formal advice, consult a qualified attorney or POPIA specialist. ClearComply does not file or submit documents on your behalf.

Got questions?

Pick a question or type your own below.