POPIA fines reach R10 million. Many businesses have no idea where they stand.

POPI Academy helps South African small and medium sized companies understand their obligations under the Protection of Personal Information Act - and take the right steps to meet them, without the overwhelm.

Request a Discovery Call

SME-focused compliance

Practical, not theoretical

POPIA & PAIA specialists

South African registered business

About POPI Academy

Compliance clarity, built for real businesses

POPI Academy was founded with a single focus: to help South African small and medium-sized businesses navigate the Protection of Personal Information Act in a way that is practical, clear, and proportionate to their size and risks.


Most SMEs aren't wilfully non-compliant. They simply haven't had access to focused, accessible guidance that cuts through the complexity without requiring a legal degree to understand.


We work exclusively in POPIA and PAIA compliance.

That focus means every service we offer (from risk assessments to training) is purpose-built for organisations that want to get this right without overspending or overcomplicating it.


Our approach starts with diagnosis. Before any documentation or training, we help you understand exactly where your business stands, so every step that follows is targeted and effective.

Request a Discovery Call

About the Founder

Ilizna Jackson is a senior legal and compliance executive with a law degree and years of hands-on experience in governance, risk, and regulatory compliance. In her day job, she serves as Head of Legal at a national IT and healthcare organisation, working daily with the exact frameworks, audits, and accountability structures that POPIA demands.

POPI Academy exists because she kept seeing the same problem: South African SMEs either drowning in compliance overwhelm or trusting generic templates that wouldn't hold up under scrutiny.

Her approach is simple: diagnosis first, then practical, proportionate action. No legal intimidation. No unnecessary complexity. Just a clear picture of where your business stands and exactly what needs to change.

Button label

Why work with us

  • Specialist Focus:

    We work exclusively in POPIA and PAIA compliance - not as a side service, but as the entirety of what we do.

    That depth of focus translates directly into better guidance for your business.

  • SME-Appropriate Solutions:

    Enterprise compliance frameworks don't scale down well.

    Everything we offer is designed to be proportionate (in scope, cost, and complexity) to businesses of your size.

  • Diagnosis Before Action:

    We don't recommend a solution before understanding the problem. Every engagement begins with an honest assessment of where you currently stand and what your actual risk exposure looks like.

  • Plain Language, Always:

    The Act is complex. Our explanations aren't. We translate legal obligations into practical business language so you can make informed decisions with confidence.

What We Offer: Services built around your actual needs

Each service is designed to stand alone or work together as part of a complete compliance programme. You start where you are - not where a template assumes you should be.

Our Services

  • POPIA Risk Assessment

    A structured audit of your current data practices, mapped against the eight conditions for lawful processing under POPIA.

    You receive a written gap report and a prioritised action plan - a clear picture of where you stand and what needs to change.

  • Compliance Documentation

    Customised policies, procedures, and templates tailored to your specific business context - not generic documents that don't reflect how you actually operate.

    (This is built on the findings of your risk assessment.)

  • Training & Awareness

    Information Officer training and staff awareness programmes designed to build genuine understanding - not just tick a box. Practical, relevant, and grounded in real scenarios your team will recognise. (Video courses launching soon.)

Built for businesses that run on trust

If your business collects, stores and/or uses personal information (and virtually every registered South African company does) POPIA applies to you.

We support:

Professionals

Accountants, attorneys, consultants, and advisors who hold sensitive client information as a core part of their practice.

Property Managers

Managing resident and owner data brings specific obligations under POPIA. We understand the sector and its compliance requirements.

E-commerce

Customer databases, marketing lists, and payment records all constitute personal information under POPIA.

Healthcare & Wellness

Health data carries the highest level of protection under POPIA. Compliance in this sector is both critical and complex.

Why it matters

The cost of not knowing is higher than you think.

Regulatory penalties are real:

The Information Regulator has the authority to impose administrative fines of up to R10 million. Criminal penalties, including imprisonment of up to 10 years, apply in certain cases.

Reputational damage is harder to recover from:

A data breach or regulatory complaint doesn't just cost money, it affects client trust and the reputation you've spent years building.

The Regulator is actively investigating:

The Information Regulator is increasingly active. Complaints can come from employees, clients, or any person whose personal information you hold.

Not knowing is not a defence:

The Act has been enforceable since 1 July 2021, and ignorance of your obligations does not reduce liability under POPIA.

The good news: Getting it right is more achievable than you think.

For most SMEs, a clear and defensible compliance posture can be established without significant disruption - once you know exactly what's required.

Get in Touch: Start with a conversation

The best first step is a straightforward 20-minute Discovery Call. (Limited availibility.)

You'll leave with a clearer picture of where your business stands on POPIA - and a realistic sense of what, if anything, needs to change.

Request a Discovery Call (Limited Availibility)