Data Breach? Sage X3 assisting you manage compliance with the Protection Of Personal Information Act - South Africa

In this blog I will show you the tools available in Sage X3 to assist you to comply with the Protection of Personal Data Act with regards to processing of personal information. These tools are available on Sage V6.5, V9, V11 but enhanced on V12.

 On 1 July 2020, sections 2 to 38; sections 55 to 109; section 111; and section 114 (1), (2) and (3)  commenced and companies that operate in South Africa have a year to ensure that they comply. I am going to focus on the tools in Sage X3 supporting you to comply with the POPIA. The Sage X3 alone is not enough, there must be other processes and internal administrative work developed to ensure compliance.

This includes.

  • Document where personal data is managed in Sage X3 and outside of the system e.g. contracts, Curriculum Vitae, email history, etc.
  • Why & how this data is used


Let’s look at how Sage X3 can support us in our compliance.

  1. Appoint a person to manage compliance for each company in Sage X3 Endpoint. The role of the Information Officer is to create awareness and include developing compliance framework.



  1. We should also look at modules where personal data is stored in the database.

Business partners [Carriers – Customers – Factors – Suppliers -Sales reps]

Prospects – Contact relationships- Leads – CRM contacts


  1. Identify the fields / data types that references to main records of individuals, addresses, email, phone numbers in the Sage X3 database. Purging parameters and setup.


  1. It is also possible to associate the data types of other systems like Sage X3 HR.


  1. We can export a list of personal data including emails, telephone numbers. The data is displayed in CSV format in Microsoft Excel. This information can be used to communicate in case of a data breach.