Protect your company from sensitive data breaches



The purpose of the Protection of Personal Information Act, or POPI, is to protect information processed by public and private bodies. POPI establishes minimum requirements for the processing of personal information of individuals as well as legal entities.

The legislation enforces strict guidelines on the collection and retention of personal data by companies. When companies need to collect personal information, it needs to be for specific purposes, they need to manage this information, take measures to keep it secure and dispose of it when it is no longer needed.

There are dire consequences for a POPI offence: a maximum period of imprisonment of 10 years, or an undisclosed maximum fine, determined by the relevant court on a case-by-case basis. Furthermore, the Regulator may institute administrative fines up to an amount of R10 million.

In short, the POPI Act states that you should only hold someone’s personal information, whether digitally or physically, for the period of time for which you need it. Thereafter, it must be securely and safely disposed of. That’s where we come in. Simply drop sensitive documents along with general paperwaste into the on-site Erase Data Secure Console, and we’ll take care of the rest.


We can help protect you and your company from a sensitive data breach.
 Read more about our secure shredding services
 or book a POPI Protection consultation.

The POPI Act states that you should only hold someone’s personal information for the period of time for which you need it.


  • Contact details
  • Demographic information
  • History
  • Biometric information
  • Opinions and private correspondence
  • Customer information
  • Employee information

A POPI offense is a serious offense. A non-compliant company could face fines of up to R10 million, as well as up to 10 years imprisonment.


Just as the POPI Act protects South Africans’ personal information, the General Data Protection Regulation, or GDPR, protects the personal data of all EU citizens. This includes when they’re visiting or living abroad. Wherever your business is based, if your customers include EU visitors, or if you retain the information of any EU citizen, the GDPR affects you.

The GDPR states that business processes that handle personal data must be built with data protection by design and by default. This means that they expect the highest-possible privacy settings and protocols so that personal data is not available publicly without explicit consent. The data owner also has the right to revoke this permission at any time.

Protect your company from a serious data breach.

Contact us now to organize your on-site ERASE DATA 3-IN-1 SECURE CONSOLE.

Failure to comply could lead to up to €20 million or 4% of net profit in fines as well as imprisonment.

Cyber security is no longer enough. A large amount of data breaches are due to the negligence of staff, so the only way to protect yourself and your company is to have secure internal processes when it comes to the disposal of sensitive documentation.