Threats to individual privacy are greater now than ever envisaged, even by an Aldous Huxley or George Orwell. Privacy is most often seen as a fundamental personal right deserving protection either as part of human dignity or, if not subsumed under dignity, nevertheless warranting independent protection.

The state is required to respect, protect, promote and fulfil the rights in the Bill of Rights (section 7(2) of the Constitution). The right to privacy is constitutionally entrenched in the South African Bill of Rights in section 14 of the Constitution. There are various pieces of legislation that implicate the right to privacy. Of particular importance is the Protection of Personal Information Act 4 of 2013 (POPIA), which deals with data protection. POPIA was signed into law on November 19, 2013 and parts of the law became effective on April 11, 2014. The rest of the law has now, on 1 July 2021, finally come into full force through the establishment of the Information Regulator.

POPIA gives the Information Regulator teeth – it has extensive powers to investigate and fine responsible parties. Data subjects will be able to complain to the Information Regulator and the Regulator will be able to take action on behalf of data subjects. The Information Regulator is mandated to regulate and enforce compliance with both POPIA and the Promotion of Access to Information Act, 2 of 2000 (PAIA).

PAIA, on the other hand, refers to another constitutional right in terms of the Constitution which provides for the right of access to information, particularly when such information is required for the exercise or protection of any rights. PAIA aims to foster a culture of transparency and accountability in public and private bodies by giving effect to the right of access to information.
POPIA and PAIA, read together, gives effect to the constitutional right to privacy whilst also including justifiable limitations that are aimed at balancing the right to privacy against the right of access to information.

Smaller private companies have until now, been exempted from the requirement to compile a PAIA manual, however as from 1 July 2021, all public and private companies are expected to comply with the provisions of both PAIA and POPIA. Failure to comply can result in heavy fines or imprisonment or both.

The Protection of Personal Information Act (POPIA)

Loader Loading...
EAD Logo Taking too long?
Reload Reload document
| Open Open in new tab

Download [383.12 KB]

Peter Carruthers – The 100% POPI Compliance Project

Small-Business Guide to POPI. All about how POPI will impact small-business owners. Current examples show how some current data breaches go unpunished until the POPI deadline passes. And how these same exposures will result in big fines and jail terms. We look at the crucial issues each business owner must resolve. And we look at a 100% POPI compliance solution or POPI certification.

RSM South Africa 

The Regulations to the Protection of Personal Information Act (“POPIA”) were published in the Government Gazette on 14 December 2018. This webinar looks at a brief overview of POPIA, and the obligations in respect thereof, as well as taking stock of where we are now in terms of the legislation and the regulations.