Are Organisations in South Africa Ready to Comply with Personal Data Protection or Privacy Legislation and Regulations?

This paper reports on a survey conducted to determine the readiness of organisations in South Africa to comply with personal data protection or privacy legislation and regulations. Issues addressed include employee knowledge of personal data classification, policies, the POPI Act, standards, and training or awareness campaigns within organisations. The study also looked at the significance of viewing personal data protection beyond the South African context, including the use of cloud services. To present a balanced view, the study involved both management and technical employees of organisations. It was found that most of the organisations involved in the study are not data privacy compliance ready. The study aims to contribute by assisting organisations to gauge their readiness for data privacy compliance and sensitise them of the need for readiness.