The Protection of Personal Information Act (POPI) regulates how personal information is processed by public and private bodies in South Africa. [1] POPI is based on eight principles from the European Union and will become law within 18 months. [2] It imposes strict requirements for obtaining consent, securing data, and allowing individuals to access their personal information. Businesses must appoint an information officer and audit all personal data held to ensure compliance. Non-compliance can result in fines up to R10.5 million or imprisonment. [3]