Incident response

All organisations experience security incidents. Responsible parties and operators are required to detect the unlawful processing of personal information. The practice of recording incidents and managing the responses is a vital part of maintaining normal activity for any entity. It is an important organisational measure for safeguarding personal information and protecting data subjects' rights.

Responsible parties are required to identify an incident, assess the risk to individuals, respond to mitigate the harm, and promptly notify the Information Regulator and data subjects. Consequently, it is necessary for responsible parties to:

  • prepare and plan in order to respond quickly, efficiently, and in an orderly manner
  • detect when a personal information incident takes place
  • assess its impact on data subjects
  • mitigate the potential harm
  • prevent recurrence
  • promptly inform the Information Regulator and the data subject.


The POPIA platform provides an automated incident management process to assist in responding to an incident.