South Africa Protection of Personal Information Act (POPIA)

South Africa’s Protection of Personal Information Act (POPIA) took effect on July 1, 2020, and enforcement began on July 1, 2021. South Africa’s POPIA is one of the major data privacy laws in the world to be modeled closely after the EU’s GDPR.

The purpose of this Act is to give effect to the constitutional right to privacy, regulate the manner in which personal information may be processed and provide persons with rights and remedies to protect their personal information from processing that is not in accordance with this Act.

Important Definitions Under POPIA(Section 1)

Personal information

Consent

Data Subject

Processing

The collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, alteration, consultation or use;
Dissemination by means of transmission, distribution or making available in any other form; or
Merging, linking, as well as restriction, degradation, erasure or destruction of information.

POPIA Applicability (Section 3)

This Act applies to the processing of personal information
- Entered in a record by or for a responsible party by making use of automated or non-automated means, and
- Where the responsible party is
  - Domiciled in the Republic; or
  - Not domiciled in the Republic but makes use of automated or non-automated means in the Republic unless those means are used only to forward personal information through the Republic.

Rights of Data Subject Under POPIA

Right to be notified (Section 18)

Right to access (Section 23)

Right to deletion (Section 24)

Right to objection (Section 11)

Right to Complaint (Section 74)

Right to Civil Action (Section 99)

Information Officer (Section 55)

Each public and private body must make provision, in the manner prescribed in section 17 of the Promotion of Access to Information Act, with the necessary changes, for the designation of

Such a number of persons, if any, as deputy information officers as is necessary to perform the duties and responsibilities as set out in section 55(1) of this Act; and
Any power or duty conferred or imposed on an information officer by this Act to a deputy information officer of that public or private body.

Enforcement (Section 107)

Serious POPIA Offences

The responsible party will be liable to fine or to imprisonment for a period not exceeding 10 years, or to both a fine and such imprisonment, if you have committed the following offences:

Obstruct the regulator (section 100)
Fail to comply with an enforcement notice (section 103(1))
Give false evidence before the regulator under oath (section 104(2))
Fail to comply with the conditions when processing account numbers (section 105(1))
Knowingly or recklessly obtain or disclose an account number (section 106(1))
Sell (or offer to sell) an account number (section 106(3) and (4))

Minor POPIA Offences

The responsible party will be liable to a fine or to imprisonment for a period not exceeding 12 months, or to both a fine and such imprisonment, if you have committed the following offences:

Fail to get prior authorisation from the regulator if you need to (section 59)
If a person acting for (or under the direction of) the regulator does not keep personal information confidential (section 101)
Obstruct a person executing a warrant or fail to give assistance to the person (section 102)
Make a statement knowing it to be false (or recklessly) (section 103(2))
Fail to give evidence when summonsed to do so by the regulator (section 104(1))

Conclusion

With close alignment to EU General Data Protection Regulation, POPIA ensures that South African citizens’ data privacy rights are protected thoroughly, paving the way for an EU adequacy decision, allowing privacy-sensitive information to be transferred safely between the EU and South Africa.

POPIA (South Africa’s data protection law) came into force about eight years after it was enacted in 2013. POPIA is now well positioned to influence privacy legislation in Africa and around the globe as a well-established privacy law.

Mandatly Privacy Management - Mandatly Inc.

Related Blogs

Cookie Consent Solutions for GDPR & CCPA Compliance 20240708043627

Cookie Consent Solutions: Ensuring GDPR & CCPA Compliance - Mandatly Inc.

Cookie Consent Solutions for GDPR & CCPA Compliance

The Role of Cookie Consent Solutions in GDPR and CCPA ComplianceIn today's digital landscape, data privacy regulations like t.

GDPR Compliance Made Easy: Tips for Updating Your Privacy Policy 20240524035956

GDPR Compliance Made Easy: Tips for Updating Your Privacy Policy - Mandatly Inc.

GDPR Compliance Made Easy: Tips for Updating Your Privacy Policy

GDPR Compliance Made Easy: Tips for Updating Your Privacy PolicyIntroductionIn an era where data privacy is paramount, ensuri.

Navigating GDPR Compliance: A Comprehensive Guide to Cookie Policies 20240513042210

Navigating GDPR Compliance: A Comprehensive Guide to Cookie Policies - Mandatly Inc.

Navigating GDPR Compliance: A Comprehensive Guide to Cookie Policies

Navigating GDPR Compliance: A Comprehensive Guide to Cookie PoliciesIn an era marked by increasing concerns over data privacy.

Data Mapping Requirement for CPRA & CCPA Compliance 20240501045009

Data Mapping Requirement for CPRA & CCPA Compliance - Mandatly Inc.

Data Mapping Requirement for CPRA & CCPA Compliance

Data Mapping Requirement for CPRA & CCPA ComplianceWhat are the CPRA Data Mapping Requirements?The California Consumer Pr.

The Role of Employee Training in GDPR Compliance and Data Security 20240205100131

The Role of Employee Training in GDPR Compliance and Data Security - Mandatly Inc.

The Role of Employee Training in GDPR Compliance and Data Security

The Role of Employee Training in GDPR Compliance and Data SecurityOverview: GDPR Training For EmployeesIn today's rapidly evo.

Explore the Link Between Cybersecurity and GDPR Compliance 20240201044003

The Intersection of GDPR & Cybersecurity - Mandatly Inc.

Explore the Link Between Cybersecurity and GDPR Compliance

The Intersection of GDPR & CybersecurityWhat is GDPR?Enforced since May 2018, GDPR is a comprehensive set of regulations .

International Data Transfers: Understanding Legal Frameworks 20240125043450

Cross Border Data Transfer & Legal Framework - Mandatly Inc.

International Data Transfers: Understanding Legal Frameworks

Cross Border Data Transfer & Legal FrameworkA Legal Framework For Data ProtectionBefore delving into the legal mechanisms.

EU-U.S. Data Privacy & GDPR: A Symbiotic Bond 20240110045117

The GDPR and the EU-U.S. Data Privacy Framework: A Symbiotic Relationship - Mandatly Inc.

EU-U.S. Data Privacy & GDPR: A Symbiotic Bond

The GDPR and the EU-US Data Privacy Framework: A Symbiotic RelationshipEU-US Data Privacy Shield FrameworkThe EU US Data Priv.

PIA Software: Streamlining Privacy Impact Assessments 20231229045248

Employee Privacy Rights: CPRA's Impact on Workplace Data Protection - Mandatly Inc.

PIA Software: Streamlining Privacy Impact Assessments

Conducting Privacy Impact Assessments with PIA Software: Benefits and Best PracticesAbout Privacy Impact AnalysisIn today's d.

Getting Started with Privacy Impact Assessment (PIA) Software 20231221064257

Getting Started with Privacy Impact Assessment (PIA) Software

Getting Started with PIA Software: Step-by-Step Implementation GuideIntroductionPrivacy Impact Assessment (PIA) software has .

LGPD Compliance: Checklist & Best Practices 20231109071852

Preparing for LGPD: Compliance Checklist and Best Practices - Mandatly Inc.

LGPD Compliance: Checklist & Best Practices

Preparing for LGPD: Compliance Checklist and Best PracticesOverview Of LGPDThe LGPD, or Brazil's General Data Protection Law.

Brazilian Data Protection Law (LGPD) 20231030043222

Brazilian Data Protection Law (LGPD) - Data Subject Rights - Mandatly Inc.

Brazilian Data Protection Law (LGPD)

Data Subject Rights Under LGPD Access, Rectification, and ErasureIntroductionThe LGPD, or the Brazilian General Data Protecti.

Brazils’ LGPD Compliance Guide You Must Read 20231025062215

Everything You Need to Know About Brazil LGPD: Penalty For Non-Compliance of LGPD

Brazils’ LGPD Compliance Guide You Must Read

Everything You Need to Know About Brazil LGPD: Penalty For Non-Compliance of LGPDWhat is Brazil’s LGPD?The LGPD, or Lei Geral.

Key GDPR Compliance Privacy Software Features 20230906043009

5 Key Features to Look for in Privacy Management Software for GDPR Compliance - Mandatly Inc.

Key GDPR Compliance Privacy Software Features

5 Key Features to Look for in Privacy Management Software for GDPR ComplianceAbout The Features Of GDPR Management Compliance.

Virginia Consumer Data Protection Act – All about CDPA 20230104044820

Virginia Consumer Data Protection Act (CDPA) - An Overview - Mandatly Inc.

Virginia Consumer Data Protection Act – All about CDPA

Virginia Consumer Data Protection Act – All about CDPAWhat is VCPDA?The Virginia Consumer Data Protection Act CDPA is a.

Difference between CDPA, CCPA, CPRA and CPA 20210722111718

Know the difference between Virginia's CDPA CCPA CPRA and CPA - Mandatly Inc.

Difference between CDPA, CCPA, CPRA and CPA

Difference between CDPA, CCPA, CPRA and CPAUnderstanding CDPA, CPA, CCPA & CPRAOn March 2, 2021, Governor Ralph Northam s.

Colorado Privacy Act (CPA) 20210713052349

Colorado Privacy Act - Mandatly Inc.

Colorado Privacy Act (CPA)

Colorado Privacy Act (CPA)Colorado is officially the third U.S state to adopt privacy legislation, after California and Virgi.

CDPA, CCPA and CPRA : Key Difference & Similarities 20210705113837

Virginia’s New Consumer Data Protection Act - Mandatly Inc.

CDPA, CCPA and CPRA : Key Difference & Similarities

CDPA, CCPA and CPRA : Key DifferencesAll About California’s CDPA, CPRA VS CCPAOn March 2, 2021, Governor Ralph Northam signed.