Request A Demo Login Now Sign up to DataGuidance Alerts DataGuidance DataPrivacy Index Cookie Consent Guide Data Protection Law & Policy Download a DataGuidance Brochure DataGuidance Videos


I find DataGuidance to be intuitive and easy to use. It is by far one of the best "one-stop" sites for fast and easy access to an extensive library of data protection and privacy sources globally. It enables me to research and obtain regulatory updates with confidence.

Given that more and more countries in the Asia Pacific region are implementing data protection laws, keeping abreast with such newly implemented laws and ensuring compliance in these jurisdictions can be extremely challenging. DataGuidance is definitely the resource tool that one can safely turn to for access to the latest legal and regulatory information making compliance a much simpler and less daunting process.
Tepee Phuah, Partner, Tay & Partners
RSS feed of this page Updated: 05/09/2013 
Sharing disabled by cookie consent preference.
Privacy This Week powered by DataGuidance

back to Privacy This Week

South Africa: New privacy law will have 'significant impact' on businesses

The South African Parliament passed - on 22 August 2013 - the Protection of Personal Information (POPI) Bill. POPI was introduced in August 2009 by the South African Cabinet and represents South Africa's first comprehensive data protection legislation. POPI is expected to come into force before the end of the year.

"[POPI] will, upon promulgation, impose a number of stringent obligations on all persons which in any manner process personal information", Simone Gill, Director of the Technology Media and Telecommunications Practice at Cliffe Dekker Hofmeyr, told DataGuidance. "It is expected to have a significant impact on the manner in which private and public bodies process personal information, [defined as] any information that identifies a natural or [legal] person."

POPI was drafted on the basis of the EU Data Protection Directive 95/46/EC (the Directive), and establishes eight data protection principles, which reflect EU, Canadian and Australian data protection models. Of particular note, POPI restricts cross-border data transfers unless the country to which the data is transferred provides a similar level protection of personal data. Under POPI, companies may adopt contractual clauses and binding corporate codes of conduct.

[POPI] is expected to have a significant impact on [how organisations] process personal information.

POPI will also introduce a mandatory data breach notification requirement. 'Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person', reads Article 21, 'the responsible party, or any third party processing personal information under the authority of a responsible party, must notify the Regulator; and data subject, unless the identity of such data subject cannot be established.'

POPI establishes the Information Protection Regulator (IPR) with investigatory and enforcement powers, including the power to impose fines of up to ZAR 10 million (approx. €740,200). POPI also imposes criminal sanctions of up to 10 years' imprisonment for obstruction of the activities of the IPR, and up to 12 months for other violation.

Once enacted, POPI will provide South African companies with a one-year grace period to bring their existing data protection processing practices in line with the legislative requirements. However, the Information Protection Regulator, once established, may extend this transitional period to a maximum of three years.

"As promulgation is now imminent, it is essential for all persons, including private and public entities, to initiate awareness workshops and to conduct detailed due diligence exercises in order to assess their current levels of compliance with [POPI]", said Gill. "[Businesses need] to determine which steps are to be taken to ensure compliance, failing which they may find themselves being subject to criminal sanction and civil liability. Although [POPI] does allow for a one year transition period, the obligations imposed are extensive and will take time and effort to implement."

To become law, POPI will need to be translated into Afrikaans and then signed by the President. It is expected to be enacted before the end of the year.

© 2015 Cecile Park Publishing Ltd. All rights reserved

Sharing disabled by cookie consent preference.

Other News

© 2016 Cecile Park Publishing Ltd. Privacy Policy | Terms and Conditions | Sitemap
Address: 17 The Timber Yard, Drysdale Street, London, N1 6ND, UK | Phone: +44 (0)20 7012 1380 | Email: