Many organizations are working to ensure compliance with the Protection of Personal Information Act (POPIA), which went into effect on July 1, 2021. With the deadline already past, it is crucial that companies have good data management practices and processes in place. Does compliance purely come down to consent? What other grounds can information be processed, and what urgent steps can a company take to become complaint?