Law: Protection of Personal Information Act, 2013 (Act 4 of 2013) ('POPIA'), Commencement of Section 1, Part A of Chapter 5 and Sections 112 and 113 of POPIA (April 2014), and Regulations Relating to the Protection of Personal Information (2018) ('the Regulations')
Regulator: The Information Regulator ('the Regulator')
Summary: In 2013, POPIA was signed into law by the President of South Africa, and the Information Regulator was established as the supervisory authority. In 2018, the Regulator published the Regulations, which mostly clarify administrative provisions and practical requirements. POPIA is expected to have a significant impact and regulates a wide range of data protection related activities. Moreover, POPIA provides a broad understanding of personal information, not only by specifying that personal information might include information relating to the biometric information, employment history, personal correspondence, personal opinions, pregnancy, mental health, and even the language of a person, but also by including juristic person's personal information within its scope.
However, several Sections from POPIA and the Regulations, such as those regulating the processing of personal data and data subject rights, did not become operational until 1 July 2020. Furthermore, Regulation 4 entered into effect on 1 May 2021, while Regulation 5 become effective on 1 March 2021, and the residual Regulations entered into effect on 1 July 2021.