The impact of POPI on your email marketing

This year, on the 1st of July, to be exact, the provisions of the Protection of Personal Information Act take effect in South Africa. Namely. The POPI Act aims to protect the personal information of South African people and businesses by regulating how companies handle their client data. This means both small and large businesses within SA need to sit up and take notice.

POPI is, by default, closely connected to email marketing, not only because individuals’ personal details are collected, but also because someone’s email address falls under the provisions of the Act.

But what else constitutes personal data and what does POPI have to do with email marketing? Let us discuss how the POPI Act impacts your email marketing.

How POPI impacts email marketing

The POPI Act builds upon existing data protection laws such as PAIA (the Promotion of Access to Information Act) and ECTA (Electronic Communications and Transactions Act) making them even more applicable to the digital age. And with so much more online business activity, the reach of the POPI Act is far greater than before. This privacy law affects companies operating in South Africa as well as businesses that store and process personal information on a South African citizen. But what exactly constitutes personal information?

Below is a list of the information governed by POPI that you’re likely using in your direct marketing, which includes, but is not limited to:

TouchBasePro POPI Infographic

This means that the most utilised data in direct marketing is going to fall under the provisions of POPI, meaning that you, as a marketer, need to pay careful attention to the processing of this data.

When we consider the sheer number of personalised emails that marketers send out every day, it becomes clear why the POPI has such a strong effect on email marketing. But what can marketers do to comply with the provisions of POPI? Here are some practical tips.

Make sure of client opt-in

Though asking someone to join your database is the ethical thing to do, many companies have simply been communicating with people in their database whose details can’t really be linked to an “opt-in”. These are often current customers of the company added to communication lists or details your sales or marketing team may have collected and have been communicating with.

One of the biggest questions regarding email marketing and POPI is whether you can keep sending marketing emails to your existing subscribers. This includes people added to your lists before POPI takes effect. The good news is you can still send emails to these contacts!

There is no explicit need for obtaining new consent, but as of 1 July 2021, the Act states that all data subjects need to have provided consent after the first communication, or you will need to stop communicating with them if this consent is not obtained. So, you need to begin asking for consent to collect client or prospective client details as soon as possible.

How to gain consent?

Before POPI, marketers could send emails to pretty much anyone that had filled out a web enquiry form or a pop-up. This will no longer be the case as all new contacts will now have to explicitly permit you to send them marketing emails. You can no longer hide your communication policy in your privacy policy or have pre-ticked opt-in forms either. New subscribers must explicitly take an action opt-in to your newsletter or database if you want to be able to keep marketing to them.

You will also need to be specific about the channels you’re using to send marketing communication (e.g., email, SMS, cookies, etc.)

Updating your sign-up forms

If your sign-up forms assume user permission in any way, you will have to update them (think pre-ticked boxes on a sign-up form). It is also recommended to specifically disclose what the users will receive from you after agreeing to your T’s & C’s. By ticking these relevant boxes, the user essentially consents to receiving your marketing emails going forward.

TouchBasePro gdpr-compliant-web-froms-online (1)
Image credit:

It is also very important to include a link to your privacy policy on all web sign-up forms. This gives subscribers a chance to understand what they are consenting to and how to opt-out. Once you have updated your web forms, you will also have to record the user consent in a way that is compliant with the POPI. Most good email service providers help with this too.

Dealing with opt-outs

This may sound obvious, but you need to make it easy for users to unsubscribe from your newsletters or mailing lists.

The Act requires you to include an unsubscribe link in your emails. These links should be clearly visible, and the process should be as straightforward as possible. When a user clicks on the unsubscribe link, they should be able to quickly remove themselves from your list. Lastly, it is recommended you should delete all the personal data you have on them. This is done to protect them, and you, in the event of a data breach. Our suggestion is to only keep the client info you need, for as long as you need it, and no longer.

TouchBasePro Email-laws-unsubscribe-link
Image credit:

POPI is almost here, is your business ready?

Consumer privacy is extremely important, especially when it comes to gaining client trust. POPI tries to prevent any misuse of personal information, and we believe that this regulation isn’t all that bad.

Instead of purchasing email lists, you will actively need to market to people who want to receive your offers. This increases engagement and gives your brand the credibility it deserves. The POPI Act significantly impacts email marketing efforts in a good way.

Let our team of email experts help your marketing team comply! We’ll be running POPI workshops geared at direct marketing until the Act is implemented in full. Reach out to our head of BD today for more info at and begin your journey to POPI compliance today.