“We have all been affected by cancer, whether through family, friends, neighbours, colleagues – or even personally” Frank Clyburn On the 13th of March 2020 #TeamSEESA hosted a nationwide spray-athon to support and raise awareness in the fight against cancer. Once again #TeamSEESA accepted the challenge and led by example, raising funds that exceeded our expectations. #TeamSEESA is the heart and soul of SEESA and without our employees, the spray-athon project wouldn’t have been so successful. Thank you #TeamSEESA for always standing together, doing and giving more than is expected of you. It was a heart-warming experience!#SEESA#Shavathon#Spray-athon #Motivate#Inspire#StandingTogether#TeamSEESA#RaisingFunds#SupportingCANSA#TheFightAgainstCancerCANSA The Cancer Association of South AfricaCANSA PretoriaCANSA DurbanCANSA Port ElizabethCANSA BloemfonteinCANSA Cape Metro
Apr 22, 2020
#TeamSEESA supporting CANSA Shavathon 2020
POPIA compliance in 2026: the basics every business still gets wrong
Even years after POPIA came into full effect, the same compliance gaps continue to surface across different industries. Many businesses believe they are POPIA compliant until a complaint, audit, or data breach proves otherwise.
Here are some of the most basic POPIA mistakes we still see:
- Information Officers appointed “on paper only”.
The Information Officer is registered on the Information Regulators e-Services portal, but there is no real understanding of the role, no internal authority, and no ongoing oversight of compliance activities. - Outdated or generic privacy notices
Outdated or generic privacy notices often misrepresent actual processing activities in the company. - No POPIA training beyond management
POPIA compliance is treated as a legal or HR issue, while frontline employees, who handle personal information daily, receive little or no training. - Assuming IT equals POPIA compliance
Strong IT systems alone are not enough. POPIA also requires policies, procedures, access controls, and human behaviour management. - Weak access control and data minimisation
Employees often have access to personal information they do not need, increasing the risk of internal breaches and unauthorised disclosure. - No clear process for data subject requests
Businesses struggle to respond within reasonable timeframes because there is no documented procedure for handling requests. - Not reporting data breaches to the Information Regulator
Many organisations do not fully understand what constitutes a data breach under POPIA or how to report it. As a result, breaches are often ignored or being overlooked entirely. - Failure to review and update data processing agreements with Operators
While operators are identified, many businesses fail to put proper data processing agreements in place or to review them regularly. - Treating POPIA as a once-off exercise
Compliance is viewed as a project with an end date, rather than an ongoing process requiring regular review, updates, and monitoring.
POPIA compliance is about awareness, accountability, and continuous improvement. Identifying and fixing these common gaps is often the first step towards meaningful compliance.