Upgrade to a premium account to save this to your customizable Workspace
POPIA
Comply with POPIA
South Africa's Protection of Personal Information Act, 2013 (Act 4 of 2013) ('POPIA') was promulgated into law on 26 November 2013, following the President's signature. A period of relative stasis then followed for several years while a commencement date for the key provisions was decided upon. The Information Regulator ('the Regulator'), the data protection authority provided for by POPIA was established during this time and held its first meeting late in 2016, although its operations were limited.
The Regulator announced, on 1 July 2021, that its enforcement powers under POPIA are into effect from 1 July 2021, following the conclusion of the 12-month transition period for compliance as provided under Section 110 of POPIA.
POPIA is further supported by the Regulations Relating to the Protection of Personal Information (2018), which establish additional provisions on the application of POPIA and contain several template forms.
OneTrust DataGuidance's POPIA Portal provides you with the ability to track developments regarding POPIA and understand its obligations.
POPIA v. GDPR
OneTrust DataGuidance have produced a POPIA v. GDPR report which you can download here, and which assists organisations in understanding and comparing key provisions of the POPIA comparative to the GDPR. You can also leverage this information through our GDPR v. POPIA Comparison in the tab above.
South Africa Privacy Landscape Overview
Watch our South Africa Overview video to understand the state of privacy in South Africa today.
The Information Regulator ('the Regulator') released, on 13 September 2021, a media statement in which it announced that its IT systems had been affected by a ransomware attack on the Department of Justice & Constitutional Development ('DOJ&CD').
The Information Regulator ('the Regulator') released, on 2 September 2021, forms relating to the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000) (as amended) ('PAIA'), including Form 5 of the same and PAIA Manual Templates, one for public bodies and one for private bodies.
Form 5
The Information Regulator ('the Regulator') published, on 2 August 2021, in accordance with Section 61(2) of the Protection of Personal Information Act, No. 4 of 2013 ('POPIA'), that it had received a code of conduct from Maktaba Stationery TA PNA, a stationery retail company.
The Information Regulator ('the Regulator') published, on 22 July 2021, Form 5 of the Regulations relating to the Protection of Personal Information, 2018 which support the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) ('POPIA').
The Information Regulator ('the Regulator') issued, on 13 July 2021, a warning on processing personal data without consent, following the distribution of photographs of former President Jacob Zuma at a facility of the Department of Correctional Services ('DCS') through social media.
The Information Regulator issued, on 29 June 2021, its guidance note on the processing of special personal information under Sections 26 and 27(1) of the Protection of Personal Information Act, 2013 ('POPIA').
The Information Regulator issued, on 29 June 2021, its guidance note on the processing of personal information of children under Section 35(2) of the Protection of Personal Information Act, 2013 ('POPIA').
The Information Regulator announced, on 1 July 2021, that its enforcement powers under the Protection of Personal Information Act, 2013 ('POPIA') has into effect from this date following the conclusion of the 12 month transition period for compliance as provided under Section 110 of POPIA.
The Information Regulator released, on 29 June 2021, a notice in which it highlighted that it will take over the regulatory mandate functions relating to the Promotion of Access to Information Act, 2000 ('PAIA') from the South African Human Rights Commission ('SAHRC') from 30 June 2021.
The Information Regulator ('the Regulator') issued, on 22 June 2021, a media statement in which it addressed upcoming developments regarding the commencement of its enforcement powers.
The Information Regulator ('the Regulator') released, on 21 June 2021, its Guidance Note on Exemptions from the Conditions for Lawful Processing of Personal Information in terms of Section 37 and 38 of the Protection of Personal Information Act, 2013 ('POPIA').
The Information Regulator ('the Regulator') announced, on 14 June 2021, under Section 61 of the Protection of Personal Information Act, 2013 ('POPIA'), that it had received a code of conduct for lawful processing of personal information by the banking industry, specifically by members of the Banking Association of South Africa ('BASA').
The Government Gazette for the Republic of South Africa released, on 1 June 2021, Government Notice No. 324, notifying that the President, Cyril Ramaphosa, had assented, on 26 May 2021, to the Cybercrimes Act, No. 19 of 2020, previously referred to as the Cybercrimes Bill.
The Information Regulator published, on 13 May 2021, both its Strategic Plan and Annual Performance Plan, which serves as the implementation plan for the former, for the 2021 to 2022 financial year.
The Information Regulator ('the Regulator') announced, on 13 May 2021, that it will take further action regarding the WhatsApp LLC privacy policy, which will require users to accept new terms and conditions for using the app from 15 May 2021.
The Department of Communications and Digital Technology ('DCDT') released, on 1 April 2021, an invitation to submit written submissions on the proposed National Data and Cloud Policy in terms of Section 3(5) of the Electronic Communications Act, 2005 (Act No. 36 of 2005).
The Protection of Personal Information Act, 2013 (Act 4 of 2013) ('POPIA') requires a responsible party to apply for and obtain authorisation prior to processing certain identified categories of personal information.
The effective date for South Africa's data privacy law, the Protection of Personal Information Act, 2013 (Act 4 of 2013) ('POPIA') is fast approaching and in anticipation of D-Day (1 July 2021), organisations need to address their compliance requirements to avoid possible penalties.
The Protection of Personal Information Act, 2013 (Act 4 of 2013) ('POPIA') defines a number of different persons who may either, in the circumstances, be involved in and/or responsible for the processing and protection of personal data or alternatively, are the persons to whom such personal data relates.
Under South African law, direct marketing is not solely regulated by the Protection of Personal Information Act, 2013 (Act 4 of 2013) ('POPIA') but is affected by other pieces of legislation too, such as the Consumer Protection Act, 2008 (Act 68 of 2008) ('CPA') and the Electronic Communications and Transactions Act, 2002 (Act 25 of 2002) ('ECTA
By now the news of the commencement date (i.e. 1 July 2020) for the Protection of Personal Information Act No.
The President of South Africa announced, on 22 June 2020, the commencement dates for certain remaining sections of the Protection of Personal Information Act, 2013 ('POPIA'). Such sections will commence on 1 July 2020 and 30 June 2021.
The Information Regulator in South Africa, by letter to the President, has requested that the President bring into effect the remaining sections of Protection of Personal Information Act, 2013 ('POPIA') from 1 April 2020, which is the beginning of the Information Regulator's financial year. Tebogo Sibidla, Director in the Media, Communications &
In October 2019, OneTrust DataGuidance met with Lebogang Stroom-Nzama, Member of the Information Regulator, South Africa. Lebogang discusses the reasons why the Protection of Personal Data Act, 2013 (Act No.
The collection and use of biometric information has gained prevalence across the world, and South Africa is no exception.
The introduction of the Protection of Personal Information Act, 2013 (Act 4 of 2013) ('POPIA') marked the beginning of an extensive period of data protection-related legislation being considered, promulgated and amended in South Africa.
POPIA v GDPR
GDPR Benchmark
This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:
- Scope
- Definitions and legal basis
- Rights
- Enforcement
Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.
Scope Benchmark
Definitions and Legal Basis Benchmark
- title
- Personal data
- Pseudonymisation
- Controller and processor
- Children
- Research
- Legal Basis
To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform
Rights Benchmark
- title
- Right to deletion
- Right to be informed
- Right to object
- Right to access
- Right not to be subject to discrimination
- Right to data portability
To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform
Enforcement Benchmark
