The Protection of Personal Information Act No.4 of 2013 (“POPIA”) is nearing its long-awaited implementation. POPIA has introduced 8 principles to govern the collection, use, storage, transfer, sharing and destruction of personal information. The Act applies to all South African businesses and the South African government.

The Act draws largely from the GDPR in the European Eunion and applies international best practice standards that will elevate South Africa’s data privacy protection to facilitate economic trade with nations sensitive about data privacy protection. Failure to comply with POPIA can result in reputational damage, loss of customers, litigation and a fine of up to R10 million or 10 years in jail. You need to understand the in’s and out’s of your data privacy obligations and how to implement the correct systems and processes to comply with POPIA and manage your data privacy risk.

Our expertise include inter alia:

  • Access to personal information

  • Cloud computing

  • Data

  • Direct marketing

  • Documenting processing activities

  • Lawful sourcing of personal information

  • Minimal collection of personal information

  • Mitigating security breaches

  • Notification duty

  • POPI enforcement

  • POPI principles, rules of thumb and checklists

  • Practical advice on how to interpret POPI and how to apply it in your organisation
  • Prior authorisation from the information regulator

  • Responsibilities regarding data quality

  • Retention, restriction and destruction of personal information
  • Securing personal information

  • Special personal information and personal information of children

  • The information officer

  • The outsourcing of personal information processing (operators)

  • Trans-border flow of data

  • Transferring personal information across borders

Samantha Davidson
Partner, Head of Pension Law
Jennifer Finnigan
Partner, Head of Competition Law
Verlie Oosthuizen
Partner, Head of Social Media Law