POPI Act affects every business, including restaurants, every website owner: deadline 30 June!



A new word on everyone’s lips is POPIA, short for the Protection of Public Information Act.  Its original deadline was a year ago, and has been extended to 30 June 2021.

Working with restaurant clients, which collect public information when recording Covid-compliant diner temperatures, names, email addresses, and cell phone numbers, it became clear to me that restaurants need to comply with the Act by 1 July, failing which they can face a Fine of up to R10 million.

It is hard to find any information about the Act as it pertains to restaurants specifically,  most entries I found on Google being legal firms selling their services to guide businesses in general in becoming POPIA compliant.

What I have learnt about the POPIA so far is the following:

  1. All personal information about clients, suppliers, and employees is covered
  2. An Information Officer needs to be appointed
  3.  Persons about whom information is already held or is collected regularly must give permission to supply the information and for it to be held
  4. Persons from whom data is collected must agree to receive marketing communication from the business sender
  5. The personal information collected must be kept in a safe space, and must be destroyed when it is no longer needed
  6. Employee contracts must be amended  to give consent to the personal information being kept, and to not disclose personal information he/she has access to of other employees, suppliers, and clients
  7. Websites should have a Cookie notice and policy
  8. A POPIA Manual should be prepared.
  9. A Privacy Policy should be prepared, and communicated to all employees

I deal with Dineplan on behalf of those restaurant clients that subscribe to this very useful diner reservation system. The company collects diner information such as cellphone numbers and email addresses, and offers an sms marketing service to its restaurant clients, whereby short messages are sent to their clients, the clients having given permission to receive such messages.

Dineplan has prepared its detailed Privacy Policy in accordance with the Act.  It is written in heavy legalese, but gives one a good idea of what such a Privacy Policy should contain. It follows below:

Dineplan Privacy Policy

Last revised on 27 May 2021

Chris von Ulmenstein, WhaleTales Blog: www.whaletalesblog.com www.chrisvonulmenstein.com/blog Tel +27 082 55 11 323 Twitter:@Ulmenstein Facebook: Chris von Ulmenstein, My Cape Town Guide/Mein Kapstadt Guide Instagram: @Chrissy_Ulmenstein @MyCapeTownGuide


Please follow and like us:
Tweet 27k

WhaleTales Blog


We don’t spam!

Read our privacy policy for more info.