
Are you personally liable if your business suffers a data breach?
The Protection of Personal Information Act places direct legal and financial obligations on South African directors. AtomGate builds and documents the IT controls that protect you personally.
POPIA requires that all personal information held by your business is protected against unlawful access, loss, damage or destruction. In practice, your IT environment must meet a defined set of technical and organisational standards, and you must be able to demonstrate that it does.
Role-based access, MFA and documented user provisioning.
Personal data encrypted in transit and at rest: email, files, cloud platforms.
You must report a breach within 72 hours. This requires a documented plan.
Access logs, documented controls and regular reviews, available for inspection.
Maximum fine per offence under POPIA
Maximum imprisonment for responsible directors
Both the fine and imprisonment can apply simultaneously. Directors cannot hide behind the company; personal liability is explicit in the Act.
AtomGate’s POPIA IT Compliance service covers the full technical requirement. At the end of the engagement, you have a compliance report you can present to your board, your auditors or the Information Regulator.
We review your current IT environment against POPIA requirements, identifying specific gaps, your exposure level, and the priority order for remediation.
We implement required technical controls: access management, encryption, backup, incident response procedures and audit logging.
We produce the documentation your compliance requires: data flow maps, control registers, incident response plans and the audit trail your Information Officer needs.
POPIA compliance is not a once-off exercise. Our managed clients receive ongoing monitoring, quarterly reviews and updated documentation as their business changes.
Book a free POPIA IT Assessment. 60 minutes that could protect you from years of personal liability. No obligation. No sales pressure.