Protection of Personal Information Act, 2013

Protection of Personal Information Act, 2013
Parliament of South Africa
  • Act to promote the protection of personal information processed by public and private bodies; to introduce certain conditions so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000; to provide for the issuing of codes of conduct; to provide for the rights of persons regarding unsolicited electronic communications and automated decision making; to regulate the flow of personal information across the borders of the Republic; and to provide for matters connected therewith.
CitationAct No. 4 of 2013
Territorial extentRepublic of South Africa
Enacted byParliament of South Africa
Assented to19 November 2013
Commenced1 July 2020
Keywords
Status: In force
This article is about South African privacy legislation. For the food, see Popiah. For the 1976 TV series, see Popi (TV series). For the Greek singer, see Popi Malliotaki.

The Protection of Personal Information Act (PoPIA or the PoPI Act) is a piece of legislation which governs the law of data protection and privacy in South Africa.[1] The act was passed to regulate the right to privacy, as enshrined by section 14 of the Constitution of South Africa, and would work in conjunction with the Promotion of Access to Information Act. The President of South Africa assented to the Act on 19 November 2013. As part of the regulation a new government agency was created, the Information Regulator,[2] an independent body which is empowered to monitor and enforce compliance of the PoPI Act within the public and private sector. The act came into force 1 July 2020, which commenced a one-year grace period during which all South African entities were expected to become compliant. The grace period ended 30 June 2021, with the commencement of the act on the 1 July 2021.[3][4][5]

Core Obligations

The PoPI Act sets out several core obligations.[6] Some of the key requirements include:

  1. Personal information can only be processed:
    • with the consent of the data subject; or
    • if it is necessary for the conclusion or performance of a contract that a data subject is a party to; or
    • it is required by law; or
    • it protects a legitimate interest of a data subject; or
    • if processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
  2. Private and public entities must report data leaks to the affected people and the Information Regulator.
  3. Organisations must appoint a responsible person who must ensure compliance to the PoPI Act.
  4. Cross-border transfers of personal data are restricted.
  5. Organisations that process personal information must ensure they satisfy minimum security obligations.
  6. Direct marketing, the sale and use of electronic directories and automated decision making are also severely curtailed.
  7. The act elevates the obligations placed on entities that process information regarding children, religious beliefs, race, ethnic origin, trade union membership, health, sex life, criminal behaviour and biometric information.

Jurisdiction

The PoPI Act applies to all persons and organisations within the borders of South Africa, and extends to visitors and illegal immigrants.[7]

Penalties

Penalties under the Act include fines of up to R10 million and a jail sentence of up to 10 years.[8] In July 2023, The Information Regulator fined the Department of Justice and Constitutional Development R5 million rand.[9][10]

Information Regulator
Agency overview
Formed1 July 2020 (2020-07-01)
JurisdictionSouth Africa
HeadquartersJD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Agency executives
  • Adv. Pansy Tlakula, Chairperson
  • Mosalanyane Mosala, CEO
Websiteinforegulator.org.za

Information Regulator

The Information Regulator is an independent body created in response to the PoPI and PAIA acts. It is empowered to monitor and enforce compliance of the acts within the public and private sector. It functions in terms of the two acts and is accountable to the National Assembly of South Africa.

Cybercrimes Act

South Africa does not yet have a formal cohesive piece of legislation in force which governs cybercrimes in South Africa. The Cybercrimes Act has been signed by the President of South Africa, and will come into force on a date to be proclaimed in the Government Gazette. The period between assent and commencement will be spent developing operating procedures and other documented processes for the implementation of provisions of the Act.[11]

References

  1. ^ "Protection of Personal Information Act 4 of 2013". South African Government website. Retrieved 4 May 2022.
  2. ^ "Welcome to Information Regulator South Africa". Information Regulator. 20 August 2020. Retrieved 4 May 2022.
  3. ^ Moyo, Admire (22 June 2021). "POPIA prior authorisation commencement date set for 2022". ITweb. Retrieved 4 May 2022.
  4. ^ "Protection of Personal Information Act: Commencement of certain sections" (PDF).
  5. ^ "Protection of Personal Information Act: Commencement of section 58(2)" (PDF).
  6. ^ "Acts - Information Regulator". Information Regulator. 3 March 2022. Retrieved 4 May 2022.
  7. ^ "POPI and the transfer of personal information outside of South Africa". Tonkin Clacey Inc. Retrieved 4 May 2022.
  8. ^ Ramalepe, Phumi. "SA's new privacy laws are in effect – companies that fail to comply can be fined up to R10m". Business Insider. Retrieved 4 May 2022.
  9. ^ "Information regulator fines justice department R5 million".
  10. ^ "Information Regulator - Infringement notice and R5 Million administrative fine issued to the Department of Justice and constitutional Development for contravention of POPIA" (PDF).
  11. ^ Williams, Grant (26 July 2021). "The newly enacted Cybercrimes Act and what it means for South Africans". Golegal. Retrieved 4 May 2022.

 

Index: pl ar de en es fr it arz nl ja pt ceb sv uk vi war zh ru af ast az bg zh-min-nan bn be ca cs cy da et el eo eu fa gl ko hi hr id he ka la lv lt hu mk ms min no nn ce uz kk ro simple sk sl sr sh fi ta tt th tg azb tr ur zh-yue hy my ace als am an hyw ban bjn map-bms ba be-tarask bcl bpy bar bs br cv nv eml hif fo fy ga gd gu hak ha hsb io ig ilo ia ie os is jv kn ht ku ckb ky mrj lb lij li lmo mai mg ml zh-classical mr xmf mzn cdo mn nap new ne frr oc mhr or as pa pnb ps pms nds crh qu sa sah sco sq scn si sd szl su sw tl shn te bug vec vo wa wuu yi yo diq bat-smg zu lad kbd ang smn ab roa-rup frp arc gn av ay bh bi bo bxr cbk-zam co za dag ary se pdc dv dsb myv ext fur gv gag inh ki glk gan guw xal haw rw kbp pam csb kw km kv koi kg gom ks gcr lo lbe ltg lez nia ln jbo lg mt mi tw mwl mdf mnw nqo fj nah na nds-nl nrm nov om pi pag pap pfl pcd krc kaa ksh rm rue sm sat sc trv stq nso sn cu so srn kab roa-tara tet tpi to chr tum tk tyv udm ug vep fiu-vro vls wo xh zea ty ak bm ch ny ee ff got iu ik kl mad cr pih ami pwn pnt dz rmy rn sg st tn ss ti din chy ts kcg ve
Prefix: a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9

Portal di Ensiklopedia Dunia

Portal : Agama
Agama
Portal : Bahasa
Bahasa
Portal : Biografi
Biografi
Portal : Budaya
Budaya
Portal : Ekonomi
Ekonomi
Portal : Elektronika
Elektronika
Portal : Film
Film
Portal : Filsafat
Filsafat
Portal : Geografi
Geografi
Portal : Indonesia
Indonesia
Portal : Ilmu
Ilmu
Portal : Lingkungan
Lingkungan
Portal : Masyarakat
Masyarakat
Portal : Matematika
Matematika
Portal : Militer
Militer
Portal : Mitologi
Mitologi
Portal : Musik
Musik
Portal : Olahraga
Olahraga
Portal : Pendidikan
Pendidikan
Portal : Politik
Politik
Portal : Sastra
Sastra
Portal : Sejarah
Sejarah
Portal : Seni
Seni
Portal : Teknologi
Teknologi