Getting POPIA compliance ready:

POPIA compliance is part of the new normal for businesses operating in the South African market. At, we wish to assure you that we are making every effort as a data processor to ensure we are POPIA compliance ready so that we can bolster your data protection efforts and help you comply with industry regulations.

Some background on POPIA

On the 24 March 2021, the Information Regulator (South Africa) put out a media release announcing that it was 100 days until South African organisations need to be POPIA compliant. As of 1 July 2021, the full implementation and enforcement of the Protection of Personal information Act (POPIA) will be in effect.

This means that all private and public bodies will need to ensure that their processing of personal information (also referred to as personal data) conforms to POPIA.

POPIA was first enacted in 2013 as South Africa’s move to align with the Europe Union’s data protection regulations (which predated the 2016 General DataProtection Regulations (EU GDPR) which came into force in 2018). The Regulations relating to the Protection of Personal Information were then published in 2018. In June 2020, a proclamation was published giving notice of the commencement of certain sections of POPIA that will be implemented by 1 July 2021. It was this proclamation that spurred on POPIA compliance readiness efforts by businesses, non-profit organisations and government bodies to meet the deadline.

What has been doing to be POPIA compliance ready

We are reviewing our organisational and technical measures to ensure that we are POPIA compliance ready by 1 July 2021. We have been building on our existing GDPR compliance readiness put in place in early 2018, and in mid-2020 we initiated a data privacy management programme to review our POPIA compliance obligations.

Among the steps taken to date, and in recognition of the role that data protection plays in the global economy and to support our data protection compliance efforts, we have appointed a Privacy Officer to manage our POPIA compliance readiness and the ongoing data privacy management programme. The Privacy Officer, as our privacy champion, works closely with our client services, business operations and technology teams to implement POPIA compliant data privacy policies, processes and practices and runs our data protection awareness training for all staff.

What the SMS industry has been doing to ensure POPIA compliance

POPIA compliance obligations for SMS messaging are already included in the regulations governing the industry. The SMS industry in South Africa is regulated by the Wireless Application Service Provider Association (WASPA), an industry member body. We are a long-standing member of WASPA and abide by the WASPA Code of Conduct that governs its members’ SMS messaging practices.

POPIA places obligations on business and non-profit organisations to gain consent when sending SMS messages to their contacts. Specifically, POPIA requires an opt-in regime for consumers to receive direct marketing SMS messages. Direct marketing is covered by section 16 of the WASPA Code of Conduct, stipulating, among the provisions in this section, that a consumer can opt-out from direct marketing by replying STOP to an SMS message or can register their mobile phone number with the WASPA Do Not Contact Registry to block any direct marketing messages.

How helps your POPIA compliance efforts

We enable you to comply with the WASPA Code for Conduct requirements for direct marketing, and thus help you comply with the requirements of managing consent in terms of POPIA, in the following ways.

We have a STOP reply facility in place to enable opt-outs from SMS messaging. When a contact on your list replies STOP to a message they have received, our platform automatically blocks that contact’s mobile phone number on your account. This means that you will not be able to send further messages to that contact. Note: the STOP reply facility works for all SMS messages that you send to your list of contacts.

We have a WASPA DNC Registry look-up system that places a block on direct marketing messages for a number registered with the WASPA DNC Registry. We have put in place the ability for you to whitelist your account as not sending direct marketing messages. For more information on this whitelisting facility see our FAQs page here.

We have also compiled a refresher on SMS best practices to help with industry compliance, available here. This guide includes topics that address the distinction between transactional and promotional messages, opt-in consent for messaging, making use of opt-out instructions in your messages, adhering to data protection regulations for the collecting, processing and storing of personal data relating to your SMS campaigns.

For more information about the STOP reply facility or the WASPA DNC Registry look-up system, please email our Support Desk at

In terms of ensuring POPIA compliance readiness within a client-supplier relationship, we are hard at work with our data privacy management programme to ensure we meet our internal data protections obligations so that we can provide you with privacy assurances as a trusted SMS messaging provider. We act as a data processor (an operator in POPIA terms) in processing your SMS messages via our platform and a responsible party in processing your client contact information and your account information. This means we need to attend to data protection controls for the collection, processing, storing and deletion of personal data within the context of our business operations. We will provide you with an update on our POPIA compliance readiness ahead of the POPIA implementation deadline on 1 July 2021.

If you are looking for more information about our POPIA compliance readiness efforts, please contact our Privacy Officer at