The Protection of Personal Information (POPI) Act puts South Africa’s data regulation standards on par with existing data protection laws around the world. It aims to protect personally identifiable information (PII), enforce individuals’ rights to privacy, and provide guidelines for lawfully processing sensitive information and notifying regulators and data holders in the event of a breach.

The goal of the POPI Act is to protect data subjects from security breaches, theft, and discrimination. To accomplish this, it outlines eight principles that South African data processors must follow. They are:

  1. Accountability
  2. Processing limitation
  3. Purpose specification
  4. Further processing limitation
  5. Information quality
  6. Openness
  7. Security safeguards
  8. Data subject participation

The POPI Act is considered to mirror GDPR compliance requirements. This means that being compliant with the GDPR makes you largely ready for the POPI Act.

In comparison to the GDPR, the POPI Act stands out with two major differences. The GDPR relates to the personal information of individuals while the POPI Act extends its protections on collected information to companies and corporations as well as individuals.

Another major difference lies in the development of privacy programs. The GDPR advocates for privacy by design rather than privacy as a function. POPI recommends best practice options for privacy and security, which makes POPI’s privacy requirements slightly less stringent.

The POPI Act applies to everyone in South Africa who processes the personal information of any South African citizen or organization. This act went into effect on July 1, 2020, and all South African organizations are required to comply before the deadline on July 1, 2021. In the meantime, it’s important to ensure your endpoint management tool is compliant with the POPI Act.

ManageEngine Desktop Central values end-user privacy and is GDPR compliant. Now, Desktop Central is tackling POPI Act compliance, too.

Various features of Desktop Central like role-based access control, breach notifications, requiring end-user consent before accessing personal information, data protection officers, and the ability to erase technicians’ personal data ensure that your user data and privacy remain intact as per the guidelines specified by the POPI Act.

Desktop Central is a 360-degree unified endpoint management solution that offers comprehensive management, monitoring, and security capabilities. It comes with all the above mentioned features and much more. Start exploring Desktop Central now with the free-trial version.

You can also sign up for the recently launched cloud version of Desktop Central.

Compliance mandates like the GDPR and the POPI Act enforce policies to protect user data and privacy, which is essential in today’s age where divulging personal information has become the norm.

Nisha Balajee
Solutions Marketing Manager

  1. Tim

    How or will this affect an Administrator’s ability to fully manage, monitor and access all company owned devices and information that an employee is using. We are in the US and have had software vendors from outside the US refuse to allow Admins the ability to disable the sending of user usage and info from our our devices from a central control panel. We must access each device and disable these separately. They are stating that GDPR only allows the employee the right to set privacy. In the US the company owns the device, email and company information that is on them. The company has the right to access all information that an employee user puts on them and block all device/employee information from leaving the company. (*Note: I am not speaking of Customer data and information in this context, it falls into a separate customer privacy act.)
    Will an Administrator/Company be restricted through Desktop Central in fully managing and accessing all information on the company’s devices?

    • Nisha Balajee

      Hi Tim,

      Thanks for reaching out to us!

      POPI act is applicable only to organizations and devices within South Africa. Hence, if you are completely based out of US, you needn’t necessarily comply with POPIA.

      Having said that, you can ensure the restrictions as implied in POPIA can be implemented using the capabilities provided in Desktop Central.

      Hope this helps!

      In case of any further queries, feel free to reach out to

      Nisha Balajee