Protection of Personal Information in South Africa.


Protection of Personal Information & Privacy in South Africa

We live in the era of the data society. On the one hand economic, social and scientific progress is driven by the free flow and processing of information. On the other hand there is the human and constitutional right to privacy, including the right not to have the privacy of our communications infringed.

In South Africa, legislation specifically aimed at striking a balance between free data flow and the right to privacy includes the Promotion of Access to Information Act, No 2 of 2000, best known as “PAIA”, and the Protection of Personal Information Act, No 4 of 2013, or “POPIA”, with its Regulations of 2018.
For a POPIA Summary, click here
For POPIA Tools, click here

Scroll down to download official documents

How does this affect your business? POPIA applies to every company in South Africa that processes people’s (or other companies’) personal information. This can go from storing e-mails on your computer and processing members’ and customers’ details to sending out direct marketing messages. “Personal information” and “processing” get a very broad definition in POPIA. Under certain conditions (section 105 POPIA), non-compliance with POPIA’’s Chapter 3 may constitute a criminal offence.

What action needs to be taken, and when? Procedures, documents and people need to be in place to prove your company’s compliance with POPIA. Should it ever come to a complaint or dispute, your defence will rely on evidence of these measures, systems and remedies. Action is therefore required at two levels: at your company’s office, and on your website. POPIA provides a “grace period” of one year (section 114(1)). Full compliance with POPIA must be in effect one year after its commencement date, which was proclaimed on 22 June to be 1 July 2020.

May Section 4 Be With You 😉