How will the POPI Act impact community schemes?

On 1 July 2021 the Protection of Personal Information Act (or POPI Act) commenced. This act will have substantial bearing on how institutions, companies and other organizations – as keepers of information – protect and use information they have in their possession. This includes all community schemes such as bodies corporate.

While the Act does not set specific rules, it does stipulate principles that must be followed when handling personal information.

The body corporate and the managing agent

Both the body corporate and the managing agent are affected by this Act because they are responsible for managing all of the scheme’s data. The managing agent is responsible for putting measures in place to safeguard the information of the schemes they manage against any possible risks of data theft.

Safeguarding and collection of data

All data collected must be safeguarded against any possible risks, be it risks inside an organisation or external risks.

The responsible parties, who are in charge of safeguarding of the data, must familiarise themselves with the exact definitions of ‘personal information’ and ‘data collected’ as stated in the Act. They are responsible for the collection of data, how and where it is stored, as well as when data is disposed of or destroyed.  This must be done within the framework of the Act.

Most importantly is safeguarding of the data collected. The Act has specific requirements and provides guideline such as changing passwords on laptops regularly or backing up the devices of the people responsible for managing the data.

Information officers

Each organisation is obliged to appoint an Information Officer and as many Deputy Information Officers as required. These appointments must be recorded in a Letter of Appointment, and the officers must take up their responsibilities once the organisation has been registered with the regulator.

Each officer has duties for which they are responsible, the main and overarching responsibility being to comply with the relevant Act. In the case of community schemes, the information officers can be appointed both from the trustees as well as the managing agent.


Basically, the purpose of the POPI Act is to provide individuals certain rights and remedies to safeguard their personal information as held by third parties and it attempts to hold these parties responsible for how they share, store and use of personal information.