Skip to content

Instantly Create a Privacy Policy for your Website

Instantly Create a Privacy Policy for your Website

The Protection of Personal Information Act (POPI) requires every South African website to display a privacy policy on their websites and are also called to comply to these regulations.

After learning more about POPIA over at, we came to understand how important this Act really is. We are all FOR Protecting Personal Information from being sold and misused.

This is our effort to fully support this cause.

Generate a POPIA Compliant Privacy Policy For Your Website

Use the form below to instantly create your website’s privacy policy.
Spoiler Alert: It could takes less than 5 minutes if you have the information handy. 

Please Note: You will be able to edit and make changes to the policy if need be. You also need to read and ensure your business complies to the rgulations set out in the policy.

Got Questions?

Questions are good!

Please read our frequently asked questions below about POPIA and this process. if you still have any questions, please check the resources at the bottom of this page.

Have the following information ready and it should take less than 5 minutes to create your privacy policy: 

  • Business Registered Name and Registration number. 
  • Business Addresses and Contact Information. 
  • Contact Information for your appointed Information Officer (personal that will handle personal information requests) 
  • Indicate if your website uses any third party applications to perform certain functions. 
  • You will be able to make changes to the policy in case anything needs to be edited afterwards. 

The Purpose of POPIA is to ensure Personal Information remains private, whilst providing you with more control and access to your information. You have the right to know how and what informations is being collected, processed, stored and shared and with only authorised persons.

For your website to be POPIA compliant you will need to publish your privacy policy on your website. You will also need to add a notice, to notify your website visitors about your privacy policy.  Most websites use a cookie banner.

The policy is the most important part and the place to start compliancy but apart from this you will appoint and register your information officer.

Key steps to compliancy are listed below.

Yes. It is important that you read, understand, agree and comply to your own privacy policy to ensure that your business complies. Please see resources section below to learn more.

Your website’s compliance is only one step to ensure your business complies with POPIA Regulations. Please see section below on the Key Steps to Compliancy.

We work exclusively with WordPress websites, we could potentially help you to convert your Website to WordPress in order for you to be able to handle future minor updates to your website. 

Existing WordPress website can benefit from our Quick Care Plan package which includes crucial software updates, or get regular updates subscribing to a WordPress Care plan. 

POPIA – The Key Steps to Compliancy

Below is the key steps to ensure you comply to POPIA regulations. Please refer to resources section at the bottom of this page for more information on POPIA.

This person will take on the responsibility to ensure POPIA Compliancy and handle all Privacy requests and is to cooperate with the Information Regulator of South Africa should any investigations arise. Your Information officer will have to be registered at the Information Regulator by completing the pdf below. This completed PDF can be emailed to  Link to PDF: InfoRegSA-eForm-InformationOfficersRegistration-2021

Personal Information can be processed and is most often required to fulfil a service or deliver a product. But, it may only be processed on a lawful basis and shared only with relevant third parties if this is required to perform a service or deliver a product.  Informing your clients and website visitors on how and what personal information is collected and processed is required. You should also ensure the information you hold is not excessive, yet complete and up to date.

(Data Subject is the cold term used in the policy to describe any website visitor, client or lead) A Data Subject has the right to access its personal information. You should not withhold access and respond to these requests. 

In the event of a Security breach, you are to Notify the Information Regulator of this breach. You will also need to notify your Data Subjects that you have reason to believe that their personal information has been accessed by an unauthorised party. This will ensure your Data Subjects can take the necessary steps to protect themselves. 

(A Data Operator is any person that you entrust your Data Subject’s Personal Information to work with on your behalf.) As an example, if you are a Bold Mark creative Client, you should get an operator agreement from us to ensure we process any of your Data Subject’s Personal information in accordance with POPIA.  

There are some exceptions to this rule. You may only transfer Personal Information to a foreign entity or person if you are required to do so in order t perform a service or contract provided that this information is adequately protected and handles in accordance with POPIA.

Keeping a record on how you process personal information, and for what reasons. This wil help you demonstrate compliancy to the Regulator. 

Resources & Further Reading

This website is the Protection of Personal Information Act in the form of an easy to navigate web form. Browse the website to easily find answers to:

This is the website of the Information Regulator South Africa, where you will find lots of information about: