top of page

Residential Estate Access Control and The POPI Act - What You Want To Know

As digital licence scanning pioneers, we want to take a deeper look into the growing data protection concerns around collecting personal information at residential estate access points.

"Lifestyle estates, complexes and community schemes should not collect more information than they need to fulfil a specific and reasonable purpose."

Protection of Personal Information Act (POPIA) and Residential Estates

The Protection of Personal Information Act (POPIA) came into effect on 1 July 2020, giving all responsible parties (entities that collect and process personal data) one year to comply. This has raised a multitude of questions regarding what information may be collected at the gate among housing complex managers and residents.

ATG Digital, who have built their systems around The Protection of Personal Information best practices, share insight into the necessity and legality of scanning

drivers’ or motor vehicle licences.

Visitor Registration and Housing Complex Entrances

“For years, visitors have been asked to provide their name, cell phone number and

signature (at a minimum) to gain entry into lifestyle estates,” says Ariel Flax, Head of Sales of ATG Digital, and adds, “POPIA throws these practices into question—but

not for reasons one might assume.”

Ariel explains: “Visitor registration is allowed. However, often the visitors’ information is handwritten in a book that’s vulnerable to prying eyes—and therein lies the problem.

“POPIA doesn’t disallow the collection of information. Instead, the Act protects

people’s personal information by enforcing rules on what is collected and why; how it is stored; and, if shared, with whom and why. The answers to these questions must be made known to the owner of the information before they share it.”

Baked-in POPIA Compliance

Having consulted a specialist privacy and data protection corporate law firm for

several years, the digital access control pioneers spared no effort in ensuring that

POPIA compliance is baked into their solutions.

Ariel: “Lifestyle estates, complexes and community schemes should not collect more information than they need to fulfil a specific and reasonable purpose. For example, protection (in the case of security) or administration (by managing agents).

“Features like ‘de-identification’, where unnecessary information that has been

captured from driver and motor vehicle licenses is redacted, eliminate non-

compliance risks,” says Ariel. He adds, “The system can be set so that the information is hidden on the scanning devices only or reports as well. On the back-

end, you can set access permissions on reporting.”

When it comes to retention of personal information, Ariel says that the ATG Digital

solution includes a pre-set for data records to be deleted after a specified period—another requirement of the Act.

For all Access Control related information, contact ATG Digital by calling 010 500 8611, Whatsapp 072 055 1187, email or go to


bottom of page