Software · POPIA · Act 4 of 2013
POPIA compliance software, built for South African businesses.
Global privacy platforms treat POPIA as one checkbox in a GDPR product. Komply starts from the Act itself: a monthly scan of your public surface, findings that cite section numbers and link to the Information Regulator's guidance, and remediation artefacts you can paste the same day.
Included in every tier from R750/mo · single module R1,500/mo · Built by a CA(SA) · First 25 pilot tenants free
- For
- Every SA business holding customer data. The POPIA module is foundational — it runs on every Komply tier, from R750 a month.
What it does
- 01
A monthly scan of everything POPIA can see from outside
Privacy policy presence and accessibility, cookie-consent posture, the data-subject-request mechanism, Information Officer designation, mail-server DNS hygiene (SPF, DKIM, DMARC), TLS configuration, response headers, and third-party tracker enumeration. Findings are scored, severity-tagged, and tracked month over month.
- 02
Findings that cite the Act
Each finding cites the POPIA section it engages and links to the Information Regulator's published guidance. When your board or a client's procurement team asks why something matters, the answer is a section number, not a vendor's opinion.
- 03
Remediation artefacts, drafted for you
Pro tenants generate ready-to-paste artefacts from each finding card: privacy-policy section text, cookie-consent banner code, a data-subject-rights notice, and the Information Officer designation block. Each is a deterministic template — review with your legal advisor before publishing.
- 04
The wider website surface, in the same scan
SEO, generative-engine visibility, security headers, performance, and accessibility checks are included in every Pro and Enterprise scan. One scan, one report, one finding list.
- 05
Regulatory changes, watched
Information Regulator guidance and enforcement activity is tracked and surfaced in your dashboard, so a change in interpretation reaches you before it reaches an enforcement notice.
Questions
What does the POPIA scan actually check?
Eight surfaces: privacy policy presence and accessibility, cookie-consent semantics, the data-subject-rights notice, Information Officer designation, mail-server DNS records (SPF, DKIM, DMARC), TLS configuration, server response headers, and third-party trackers. Every finding carries a severity and the POPIA section it engages.
Is Komply the best POPIA compliance tool in South Africa?
It depends what you need. Komply is the only SA platform that monitors POPIA alongside B-BBEE, SARS, and FSCA obligations in one subscription, and it was built here, priced for SA businesses. If you need enterprise DSAR workflow automation across dozens of jurisdictions, a global privacy suite is a better fit. If you need to know, every month, whether your South African business would survive a POPIA complaint — that is what Komply is for.
Does Komply make my business POPIA-compliant?
No tool does. POPIA compliance is partly public surface (which Komply scans), partly internal practice (which Komply tracks but you implement), and partly judgment (yours, or your attorney's). Komply's job is to make sure nothing on the monitorable side goes unnoticed, and that you hold evidence of the rest.
How much does POPIA compliance software cost?
Komply starts at R750 a month for the Starter bundle, which includes the POPIA module and one scanned domain. Pro (R3,500) adds five domains, on-demand scans, and remediation artefact generation. A single-module subscription is R1,500 a month.
Go deeper
- POPIA compliance: the complete guide
- POPIA §19: what “appropriate security safeguards” requires
- Is your website POPIA-compliant? A checklist
The POPIA compliance module is one quarter of Komply. B-BBEE scorecard · SARS submissions · FSCA tracker run in the same workspace, on the same subscription — the full stack.
Try it on your own books.
The four modules are live. Komply is onboarding the first 25 pilot tenants free — join the waitlist and we'll invite you in order.