Sort of, but not really. It’s best to think of them as different flavours of the same thing. If you’re GDPR-compliant (that’s the General Data Protection Regulation, for those of you living under a rock), you’re pretty much POPI-compliant.
They are similar in some ways. Namely, they both lay down the law for processing and storing personal information and the rules for notifying third parties if there are security breaches.
However, they are different in the sense that the security regulations differ slightly, as follows:
GDPR: “The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected.”
POPI: “A responsible party must secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures.”
Further, the penalties for a breach of each differ: a breach under the GDPR can draw a fine of up to four percent of annual global turnover or €20 million, whichever is greater. A fine of that size would cripple most South African companies.