Let's try to do an exercise about how Alfresco can cover some of the main POPI requirements.
Notice that Alfresco is mainly a platform, it is not a product. This means that an Alfresco project is typically a development project, imagine to use it as a framework for building your own content management application on top of the Alfresco repository. You have to consider some effort for modeling, configuring, integrating and testing your extended components and features for your needs.
We can try to summarize the main POPI requirements matching the existent built-in features and the potential capabilities available in Alfresco below, please feel free to contribute with your comments 
1. Accountability
You, as a business or data collector, must ensure that all of the Act’s principles and the measures are complied with and adhered to.
If you consider what Alfresco does when you upload a new document in the repo at 90% you are ok with this because if the content has a known mimetype Alfresco can extract standard metadata that allows you to easily find the content. The content itself is not modified but decorated with some properties and metadata for implementing a tailored content model focused on your specific business case.
2. Processing limitation
Processing of information must be done in a lawful manner that does not infringe on individual’s privacy rights. Personal information can only be processed if the processing is adequate and relevant, and in accordance to which the information is to be used.
Alfresco supports an advanced ACL configuration and it allows you to configure specific permissions and roles against spaces or a single content. You can also extend the built-in roles with your own specific definition of permissions for your roles.
3. Purpose specification
Personal information must only be collected for a particular purpose and the individuals whose information is being collected must be made aware of this. Records must not be kept for longer than necessary, once the purpose for which the information has been collected has been achieved, information must be disposed of safely and in accordance with the law.
Alfresco can be configured for managing the disposition and the lifecycle of contents according to due date or specific workflows that need to check a range of dates. In this way you can implement your lifecycle that define the behavior for importing contents, how and how long should be indexed and when contents must be archived or deleted. The main features related to this purpose is shown in any videos related to the Records Management module.
4. Further processing limitation
Further processing of the information must be in accordance with the purpose of the reason for the initial collection.
This clearly depends about what you are doing with the platform and how you are extending it for covering all the constraints and requirements.
5. Information quality
You, as a business, as a holder of the data, must take reasonable and actionable steps to ensure that personal information collected is complete, accurate, transparent and updated, in accordance with the original purpose for the collection of personal information.
Again this depends on you, this means that you can integrate Alfresco with external data sources, databases or web services for dropping for example some registries for decorating your contents in the right way. Creating your own scheduled actions and jobs you totally cover this POPI requirements.
6. Openness
Steps are required to ensure that individuals whose data is being collected is aware of the personal information being collected and the purpose of the collection.
You can add some notifications via email or any other channel for asking to update personal information in the system. You can configure your own job with your own custom email templates. In this way users can check their own contents in the platform directly, if it is possible by the business case. Otherwise you can extend the platform for generating some reports (CSV, Excel, Word, PDF and so on) to send for asking confirmation. Alfresco supports many trasformers and extractors and you can easily extend the platform for implementing your own rendition for reports.
7. Security safeguards
You, as a business and data collector, must secure the personal information under your possession/control. Should a security breach occur, you must notify the individual or individuals whose information is compromised.
This is just a monitoring operational feature, you can configure or add your own auditing system for avoiding any strange operation or activity.
Alfresco One includes JMX tools that allows you to change, enable and disable on the fly many of the core features of the repository such as: clustering, read/write mode, disable user authentication, disable user account, and so on.
8. Data subject participation
The individual whose data has been collected can request whether you as an organisation are holding their private information, and what information is it that is being held. They may also request the correction or deletion of information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully.
The Alfresco Administrator group can work on any content in the repo and they can do any gardening activity.
Consider that you can add an automatic behavior fired when any admin user add, change or remove some contents in a folder, owned by someone else, then Alfresco can send an email to confirm the requested change.
