Skip to main content


Become compliant and secure.

What is POPIA?

The Protection of Personal
Information Act (POPIA) is
South Africa’s data
protection law.


POPIA aims to monitor,
protect and regulate the
processing and flow of 
personal information
within and outside

POPIA ensures the
legitimate use of
personal data.

The time is now...

POPIA’s commencement date was 1 July 2020.

There is a grace period until 1 July 2021 to put measures in place for compliance.

Responsible Party

A public or private body that dertmines the means of processing data.


A party that processes personal information on behalf of the responsible party (e.g. Mimecast archives personal information).

Data Subject

Any party to whom the personal information relates.

What is personal data?

Information about an identifiable natural living person, or a juristic person or legal entity such as an organisation. For Mimecast, it refers to correspondence of confidential nature, sent by a person implicitly or explicitly.


Gender, race, education, qualifications, income, date of birth, medical records, banking information and more. It also includes personal opinions and preferences.


Data leaks and threats initiated by malicious employees increased at nearly a quarter of SA firms.*


Successful phishing attacks that begin with email, making it the single biggest threat vector to organisations and their data.*


Human error plays a role in 40% of all global data breaches.**

R40 mil

Average cost of a data breach in South Africa.**

R10 mil

Maximum financial penalty for non-compliance to POPIA in South Africa.

** IBM/Poneman Institute: Cost of a Data Breach Report 2020
*Mimecast’s State of Email Security Report 2020

Myth 1

"Certain vendors' solutions can make me POPIA compliant on their own".

Solutions like Mimecast enable organisations to become POPIA compliant in several ways, but there are many other aspects organisations need to take care of to be fully compliant.  No single solution can offer full compliance.

Myth 2

"POPIA isn't in force yet".

The whole of POPIA is already in force, but there is a suspension on the enforcement of POPIA regulations until 1 July 2021.

Myth 3

"We can just pay the fine. It's cheaper than the hassle of becoming compliant".

The penalties alone can be a maximum of R10million, but that could be increased.  Civil suits and criminal penalties could greatly increase damages for non-compliant organisations.

Myth 4

"Cyber insurance will cover us for non-compliance".

It is against public policy to insure against your own intentional conduct.  Insurers will look carefully at what their cyber insurance policies cover.

Myth 5

"Data must leave the oganisation for it to qualify as a data breach".

Exfiltration of data is not the only form of data breach.  Any unauthorised access of personal information - including information being encrypted during the course of ransomware attack - qualifies as a data breach.

Myth 6

"Good-enough security is enough for me".

Under POPIA, organisations must have measures in place to prevent data breaches from occurring.  Based on current evidence, the likelihood of an organisation suffering a breach is high.  The measures they put in place can greatly mitigate penalties in the event of a breach.

What role does Mimecast Play in POPIA compliance?

  • APIs:

    Real-time information on compliance-related aspects.

  • Discover Review Tools:

    Identify what data should and should not be required.

  • Large File Send:

    Send large amounts of data in an auditable format.

  • Targeted Threat Protection:

    Keep companies safe from the most common attack vectors like email and web.

  • Mimecast Archive:

    A perpetual and tamper-proof data archive.

  • Data Leak Prevention:

    Protects against accidental or intentional data loss.

  • Secure Messaging:

    Transmits information securely between businesses and third parties.

Ready to solve your legal and regulatory challenges?

J2 is a committed partner to organisations and their efforts in becoming POPIA compliant, offering a portfolio of cyber resilience solutions that can keep customers and data safe from cyber threats.

To hear from peers and experts, complete the form.

Your Details