POPIA compliance hub
POPIA compliance: check it, score it, fix it
The Protection of Personal Information Act applies to virtually every South African business that holds a customer's name, email, or ID number. Start with what the Information Regulator sees first — your website — then score the rest of your business. Free, no sign-up.
Then score the rest of your business
POPIA Self-Assessment
46 questions across all 8 POPIA Conditions, modelled on the Information Regulator's framework. Emailed PDF with what to fix first.
PAIA Self-Assessment
POPIA's sister act: section 51 manual, annual report, and request handling — scored the same way.
The fix path, in order
- 1
Register your Information Officer— free, ~30 minutes on the Regulator's eServices portal. Usually the owner or CEO. Step-by-step guide.
- 2
Publish a PAIA manual and a POPIA-grade privacy notice on your website — the two things anyone checking you looks for first.
- 3
Get consent in order — cookie/tracking consent on the website, opt-ins on your forms, operator agreements with providers that process data for you.
- 4
Keep it that way — ClearComply tracks 12+ compliance requirements across POPIA, PAIA, CIPC, SARS, UIF, COIDA and B-BBEE, alerts you before every deadline, and tells you the moment your status changes. R99/month, cancel anytime.
Rather have it done for you? Request POPIA assistance and we'll match you with a specialist.
Go deeper
Information Officer registration, step by step
The most-missed POPIA obligation — free, 30 minutes, legally required.
POPIA for small businesses: the complete guide
The 8 Conditions, the seven practical steps, and the penalties — in plain English.
The PAIA annual report explained
Section 32 reporting — due even if you received zero requests.
What non-compliance actually costs
Both R5 million POPIA fines to date, and every other penalty that stacks.
Quick answers
How do I check if my business is POPIA compliant?
Start with the two free checks on this page: the website check scans your site for the visible POPIA requirements (privacy notice, PAIA manual, Information Officer details, consent), and the self-assessment scores your business across all 8 POPIA Conditions using the Information Regulator’s own framework.
Is Information Officer registration really free?
Yes. Registering your Information Officer with the Information Regulator is free and takes about 30 minutes on the Regulator’s eServices portal. By default your Information Officer is the most senior person in the business — usually the owner or CEO.
Does my small business need a PAIA manual?
Yes — every private body must compile a PAIA section 51 manual and make it available, typically on your website. It describes what records you hold and how someone can request access to them.
What happens if my business ignores POPIA?
The Information Regulator can fine up to R10 million and has already issued R5 million fines. It is running proactive compliance assessments, and an ignored enforcement notice is a criminal offence. Most SME gaps — Information Officer registration, a PAIA manual, a POPIA-grade privacy notice — are cheap and quick to close.
The tools on this page are self-checks, not legal certifications of POPIA compliance. For formal advice, consult a qualified attorney or POPIA specialist. ClearComply does not file or submit documents on your behalf.