FAQ – What Permit Do I Need If I Have To Work After The 12 PM Curfew Under Alert Level 1?
If you need to be outside your place of residence between 12 PM and 4 AM to perform a service permitted under Alert Level 1, then you need to carry a permit with you.
The permit is in the form of Form 7 – “ Permit to travel to perform a service”, Regulations 66.
Who can fill in Form 7?
This form is to be completed by the head of an institution (or a person designated by him or her). “Head of the institution” is defined by the Regulations as the accounting officer of a public institution and the chief executive officer or the equivalent of a chief executive officer of a private institution. “Institution” means any public or private institution, including a sole practitioner and any other business owned and operated by a single person.
Form 7 may be signed by the head of a small business in respect of employees, and in the case of a sole proprietor, by him or herself. The carrier of the Permit must ensure to keep identification ready at all times.
To find out how SEESA can help your business visit our website for more:
http://www.seesa.co.za/
POPIA compliance in 2026: the basics every business still gets wrong
Even years after POPIA came into full effect, the same compliance gaps continue to surface across different industries. Many businesses believe they are POPIA compliant until a complaint, audit, or data breach proves otherwise.
Here are some of the most basic POPIA mistakes we still see:
- Information Officers appointed “on paper only”.
The Information Officer is registered on the Information Regulators e-Services portal, but there is no real understanding of the role, no internal authority, and no ongoing oversight of compliance activities.
- Outdated or generic privacy notices
Outdated or generic privacy notices often misrepresent actual processing activities in the company.
- No POPIA training beyond management
POPIA compliance is treated as a legal or HR issue, while frontline employees, who handle personal information daily, receive little or no training.
- Assuming IT equals POPIA compliance
Strong IT systems alone are not enough. POPIA also requires policies, procedures, access controls, and human behaviour management.
- Weak access control and data minimisation
Employees often have access to personal information they do not need, increasing the risk of internal breaches and unauthorised disclosure.
- No clear process for data subject requests
Businesses struggle to respond within reasonable timeframes because there is no documented procedure for handling requests.
- Not reporting data breaches to the Information Regulator
Many organisations do not fully understand what constitutes a data breach under POPIA or how to report it. As a result, breaches are often ignored or being overlooked entirely.
- Failure to review and update data processing agreements with Operators
While operators are identified, many businesses fail to put proper data processing agreements in place or to review them regularly.
- Treating POPIA as a once-off exercise
Compliance is viewed as a project with an end date, rather than an ongoing process requiring regular review, updates, and monitoring.
POPIA compliance is about awareness, accountability, and continuous improvement. Identifying and fixing these common gaps is often the first step towards meaningful compliance.
