POPIA Webinar - Consent and Legitimate Interest

16 Sep 2020 10:00 am by Ahmore Burger-Smidt


The introduction of the Protection of Personal Information Act (POPIA) means all organisations must implement POPIA compliance policies and practices by 31 March 2021.

The reasons for and implications of complying with POPIA were discussed in detail in our first two POPIA webinars. This webinar focuses on consent and legitimate interest in relation to POPIA and its impact on the way organisations do business in South Africa.


How organisations connect with and sell to potential customers has changed in the face of data protection laws which require that a lawful basis exists to use personal information for activities such as direct marketing.

This lawful basis is rooted in consent by the data subject and a requirement by law for how such information can be used. POPIA allows for the use of personal information if such use is with the consent of the data subject and in the legitimate interest of the subject or a legitimate third party.

In addition, every individual has the right to request the record of their information held by an organisation, exercise the ‘right to be forgotten’ or object to the processing of their personal data if they can show legitimate grounds for their objection. This means that, along with understanding the practical applicability of POPIA to your business, your organisations should have data subject ‘access and delete’ request policies in place.

The EU’s General Data Protection Regulation legitimate interest test shows that, in many cases, ‘legitimate interest’ will need to be established on a case-by-case basis as well as with consideration of specific legislation. For example, Section 69 of POPIA details specific consent requirements for electronic direct marketing.

Do you know your organisation’s rights and obligations when it comes to compliance with POPIA and the use and protection of personal information? Attend our webinar and find out.