The Protection of Personal Information Act (POPIA)

At the time when the Protection of Personal Information Act was being finalized in 2013, early versions of the GDPR were already in circulation. This resulted in the early adoption of a world-class regulation for South Africa, borrowing many concepts from the GDPR including Consent, Data Subject Rights and Documentation of Processing. However, there are some key differences to consider for POPIA, including an emphasis on data retention periods and technological measures to limit loss, damage and access to data.

Trunomi is purpose-built to fully address POPIA. From Consent & Permissions and DSRs Automation, through to Data Retention Management – for any organisation, any size.

South African flag

POPIA Compliance with Trunomi

Comprehensive or modular solution – all from Trunomi’s Platform


Lawful Purpose of Processing

Ask yourself ‘why do we hold this data?’ and record it
with Trunomi

All personal information may now only be processed if there is a lawful purpose of processing.

With Trunomi, append a lawful purpose to all data processing – past and future – for evidential and usage purposes. Learn more >



Request, record and manage it
with Trunomi

Under POPIA, consent must be voluntary, specific, informed and time-bound.

Adhere to the highest standards of consent capture with Trunomi. Learn more >


Data Subject Rights (DSRs)

Allow requests and handle them downstream
with Trunomi

POPIA gives individuals specific rights to their personal data, including the right to correct or delete.

Facilitate DSRs and automate fulfilment end-to-end with Trunomi. Learn more >


Retention of Records

Append retention records to your data for easy management
with Trunomi

Retain personal data for no longer than is necessary for the purpose under which it was obtained.

Trunomi automates the creation of data retention periods for any data processed, based on rules defined by you. Automate data retention management end-to-end and evidence all activities downstream. Learn more >



Systems to request, record and manage age-based or parental
with Trunomi

The high-standards of consent under POPIA include additional conditions for children.

Adhere to the highest standards of consent capture with Trunomi and, with our rules-based platform, create workflows for age-related consent. Learn more >


Documentation of Processing

Make information on data processing auditable – for regulators, partners and customers
with Trunomi

Responsible parties and operators must maintain accurate documentation of processing activities that include the purpose of processing, categories of data, recipients of the data and more.

Automate contextual records of processing during actual data events, anywhere across your organization. Learn more >


Privacy Communication

Review and update Privacy Policies & Notices
with Trunomi

Responsible parties and operators must inform data subjects of any processing in a concise, transparent, intelligible and easily accessible format.

Easily build ‘My Data’ Portals and preference centers for customers and maintain accurate records of processing to inform your Privacy Policies with Trunomi. Learn more >


Stakeholder Awareness

Treat personal data as a first-class citizen everywhere in your business
with Trunomi

Data Privacy is a now a core strategy and operational need across businesses. Stakeholders and teams require a central source of truth, visibility and control for Privacy.

Integrate Privacy-by-design across your current and future technologies with Trunomi’s interoperable Privacy layer and zero-PII data intelligence. Learn more >


Security of Personal Information

Technological measures to limit loss, damage and unlawful access to data
with Trunomi

Integrate and prove Data Privacy and protection into current and future technology and architectures.

Integrate Privacy-by-design across your current and future technologies, and limit data damage, loss and unlawful access with Trunomi’s zero-PII data sharing. Learn more >


Information Officers

Designate responsibility and empower them with data
with Trunomi

Businesses must appoint a Data Privacy or Information Officer to be involved in issues that relate to data protection and to monitor compliance with POPIA.

Empower DPOs with powerful and real-time intelligence that allows them to understand Privacy and protection across any areas of the business. Learn more >


Data Breaches

Operational readiness and ability to react
with Trunomi

Businesses must provide information surrounding data breaches to both supervisory authorities and affected data subjects.

With Trunomi, you will always have secure visibility into what data sits where, and who it belongs to - trigger workflows and alerts for systems, stakeholders and third-parties, based off any affected data sets. Learn more >


Data Transfers

Understand where your data goes and if you can mitigate risks
with Trunomi

Businesses must understand where their data travels across borders and must assess and limit risk.

Remove the complexity of international transfers with Trunomi’s metadata-only records of intelligence: share detailed information on personal data, without ever having to share the raw data itself. Learn more >