As of 01 July 2021, the Protection of Personal Information Act (POPIA) came into effect. All South Africans have a constitutional right to privacy and the POPI Act aims to protect our personal information. It includes a series of regulations that define when it is lawful for our personal information to be processed.


POPI is short for the protection of personal information (a topic) as opposed to POPIA which is short for the Protection of Personal Information Act (the Act). They are both topics which refer to the protection of personal information or data, and can be used interchangeably.

We care about YOUR Information

OneNet Health & Insure is committed to ensuring that your personal information is protected. We are compliant with the implementation of the Protection of Personal Information Act (POPI Act 4 of 2013). 

In terms of the POPI Act, we are:
•            Making sure that your personal information is not stored in an unsafe environment
•            There are no copies of your information in an un-secure location
•            No unauthorised OneNet member of staff (or any other persons) have access to your information
•            Your information will never be shared with third parties without your consent
•            We are committed to ensuring that your personal information is protected and secure at all times

Information Regulator (South Africa)

Ensuring protection of your personal information and effective access to information.

  1. The Information Regulator is, among others, empowered to monitor and enforce compliance by public and private bodies with the provisions of the POPIA Act.  Also responsible for issuing codes of conduct for different sectors and to make guidelines to assist bodies with the development and application of codes of conduct.
  2. Chapter 7 of the POPIA Act introduces Codes of Conduct.  The development of codes of conduct will contribute to the proper implementation of the conditions for the lawful processing of personal information, as reflected in Chapter 3 of the POPIA Act, in each sector.  Section 60 of the POPIA Act, among others, provides that a code must prescribe how the conditions are to be complied with within specific sectors as far as the processing of personal information is concerned. 
  3. Chapter 10 provides for complaints to be lodged with the Information Regulator by persons regarding any interference with the protection of their personal information.  Interference with the protection of the personal information of a data subject consist, in terms of section 73, of—
    (i)         any breach of the conditions for the lawful processing of personal information set out in Chapter 3 of the POPIA Act;
    (ii)        non-compliance with any obligations created in terms of the POPIA Act; or    
    (iii)       a breach of the provisions of a code that has been issued in terms of section 60.
  4. The remaining provisions of the Chapter deal with the powers of the Information Regulator as far as investigation of complaints is concerned.
  5. The Schedule to the POPIA Act is intended to effect certain amendments to existing legislation, among others, to ensure that all the responsibilities of the South African Human Rights Commission in terms of the Promotion of Access to Information Act, 2000, are assigned to the Information Regulator.  The amendments reflected in the Schedule further aim to establish the Information Regulator as the sole functionary, apart from the courts, that may consider complaints against decisions that have been taken by public or private bodies in respect of requests for access to records of the bodies concerned. 

Information Regulator Home Page, further information about and documents are available on their page.

OneNet's Blog Page: Don't Pay More

*Took effect on July 1, 2020.
* Enforcement began on July 1, 2021.
* Applies to any company or organisation processing personal information in South Africa.
* Creates actionable rights for South African citizens (data subjects), including but not limited to the right to access, right to correction and right to deletion.
* Creates conditions for lawful data processing, in which the consent of the data subject is central. It is up to websites, companies and organisations to prove that their processing is lawful.
* Defines consent as any voluntary, specific and informed expression of will.
* Defines processing as collection, receipt, recording, organisation, storage, merging, linking and more.
* Defines personal information broadly as any information relating a living person, company or legal entity.
* Allows companies and organisations to process data if it’s deemed in the user’s “legitimate interest”, creating a point of ambiguity for possible abuse and enforcement difficulties.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram