ATG Digital Publishes Free POPIA Action List for Gated Access

[Johannesburg, 8 June 2026] ATG Digital, in partnership with CIVITAS (PTY) LTD, released the POPIA Responsible Party Action List. It is a free, practical guide for HOAs, body corporates, managing agents, landlords, employers and institutions.

It helps them move from assuming they comply with the Protection of Personal Information Act (POPIA) to proving it.

The guide is published ahead of the expected finalisation of the draft Code of Conduct for Gated Accesses. It sets out 12 clear steps that responsible parties can start using immediately—even before the Code is final.

As ATG Digital notes in the guide: "none of them depend on the final text, all of them will hold regardless of how the outstanding issues are resolved."

What the Guide Covers

The action list shows responsible parties the full compliance process for gated access environments.

Key steps include:

Formally appointing and registering an Information Officer.

Mapping every data collection point at the gate, from visitor registers and biometric readers to CCTV and licence plate recognition.

Doing a documented risk assessment and aligning data collection with it.

Checking whether each data field is necessary and proportionate.

Identifying the correct lawful basis for each use of personal information.

Displaying a POPIA-compliant privacy notice at the gatehouse or boom.

Enforcing defined retention periods for all data categories.

Checking operator agreements with guarding companies, biometric vendors, and cloud providers.

Training frontline staff on their POPIA obligations.

Running Personal Information Impact Assessments before using high-risk technology such as biometrics or automated decision-making.

Setting up a documented process for handling data subject requests and complaints.

Bringing all of the above into a living compliance framework — not a once-off policy document.

Why it Matters Now

The Information Regulator is moving forward with the Code of Conduct for Gated Accesses. Once finalised, the Code will introduce sector-specific obligations that go beyond general POPIA requirements.

Non-compliance will have enforceable consequences.

Organisations that start these steps now will be better prepared than those waiting for the final text.

ATG Digital has been working at the intersection of access control technology and data privacy regulation for over a decade. The company has played an important role in shaping the industry's understanding of POPIA obligations at the gate.

Through this guide, ATG Digital continues to lead on regulatory compliance as the legislative landscape evolves.

Where to Find the Guide

The POPIA Responsible Party Action List is available free of charge at https://www.atgdigital.biz/post/popia-responsible-party-action-list-what-you-can-do-right-now.

Estate managers, heads of security, managing agents and anyone responsible for a gated access environment are encouraged to read it and start applying its recommendations now.

For further information, please contact ATG Digital at This email address is being protected from spambots. You need JavaScript enabled to view it..