POPIA came into full effect on 1 July 2021. It applies to every organisation that processes personal information of South African data subjects — which is virtually every organisation in South Africa. Non-compliance carries penalties of up to R10 million or 10 years imprisonment, plus reputational damage.
This framework contributes to the following governance domains in your Encircle score:
Encircle maps POPIA's 8 conditions and all subsidiary obligations across D04 Compliance, D08 Technology, and D09 AI & Data. Your POPIA compliance score is visible in real time. Each gap — whether a missing Privacy Notice, unsigned operator agreement, or unregistered Information Officer — generates an assigned task with a template where available.
Encircle tells you when you are POPIA Compliant — meaning your evidence demonstrates all 8 conditions of lawful processing with documented controls. This is a governance readiness assessment, not a legal opinion. For formal POPIA compliance certification, Encircle connects you with a registered POPIA practitioner from the Encircle Network.