South Africa Personal Information Act

The Protection of Personal Information Act (POPIA) will become effective on July 1, 2021. South Africa is currently in the one year grace period for companies to be compliant. Any organisation that manages personal data needs to comply with the Act to remain complaint or face hefty fines by the Information Regulator. Fines start from ZAR1 -10 million or one -ten years in jail and may include compensation. 

POPIA applies to both the digital space and physical collections of data. It is recommended that companies appoint Information Officers, start Data Asset Registers making it easier to manage as well as other recommendations and advice that can be solicited by International Law Firms. While this Act is similar to the more well known EU’s GDPR it is not identical. 

Did you know that AI systems will also be effected. Decisions based solely on automated results may have legal consequences. What information will be processed, how will it be used and will this comply with all the sections in the Act? Make sure to empower yourself with practical knowledge, this will effect all companies from big corporates to smaller SMEs. 

For more information please see South African Government site on this new law. 

For more information please contact the U.S. Commercial Service South Africa at office.johannesburg@trade.gov.