PoPIA > PoPI Act > Protection of Personal Information Act


PoPIA > PoPI Act > Protection of Personal Information Act > PoPIA Act Regulations & Compliance Reference Portal > Summary Guide by PoPIA Chapter & Section with Translation Support


PoPIA (PoPI Act) > The Information Regulator will begin the enforcement of PoPIA and PAIA starting July 1, 2021. Every public or private entity must register an Information officer and/or deputy Information officer by March 31, 2021.

Protection of Personal Information Act (PoPIA) provides privacy rights and consumer protection for South Africans.

Key sections of PoPIA took effect on Jul 1, 2020. All businesses, public entities, non-profit organizations, and any other entities must address PoPIA Compliance in a short time, and with minimal impact on the budget. Large companies have teams already working on PoPI Act.

Most mid-size and small businesses are unaware of the law. They need to engage their legal and IT teams to implement PoPIA. Nearly all entities believe that PoPIA means prevention of SPAM, calls from telemarketers, and the ability to opt-out of digital marketing.

This is one of the rights in the PoPI Act, and so are several other rights including delete my data, correct my data, objection to processing, and many others.

What is PoPIA?

The Protection of Personal Information Act (PoPI Act) 4 of 2013 aims:

The PoPI Act


Recognising That—

And Bearing In Mind That—

  • consonant with the constitutional values of democracy and openness, the need for economic and social progress, within the framework of the Information society, requires the removal of unnecessary impediments to the free flow of Information, including personal Information;

And In Order To—

  • regulate, in harmony with international standards, the processing of personal information by public and private bodies in a manner that gives effect to the right to privacy subject to justifiable limitations that are aimed at protecting other rights and important interests,

PoPIA Guarantee

The Constitution of South Africa guarantees the most general right to privacy for all its citizens. This provides the main protection for personal data privacy so far.

The Protection of Personal Information Act (PoPIA) 2013 was signed into act, focusing on data privacy and is inspired by other foreign national treaties like the United Kingdom. Minimum requirements are presented in PoPI Act (PoPIA) for the act of processing personal data, like the fact that the data subject must provide consent and that the data will be beneficial, and PoPIA will be harsher when related to cross-border international data transfers, specifically with personal Information. The PoPIA Act will be in full effective from 1 July 2020.

The recording of conversations over phone and internet is not allowed without the permission of both parties with the Regulation of Interception of Communications and Provision of Communications Related Act (2002).

In addition, South Africa is part of the Southern African Development Community and the African Union.

Information Regulator

The Information Regulator South Africa is an independent body established in terms of Section 39 of The Protection of Personal Information Act (PoPIA) 4 of 2013. It is subject only to the law and the Constitution and it is accountable to the National Assembly

The Information Regulator is among others, empowered to monitor and enforce Compliance by Public and Private bodies with the provisions of the Promotion of Access to Information Act (PAIA), 2000 (Act 2 of 2000), and the Protection of Personal Information Act (PoPIA), 2013 (Act 4 of 2013)

Contact Information Regulator > https://inforegulator.org.za/contact.html

PoPI Act Commencement

PoPIA Chapters 1 – 12

PoPIA > PoPI Act > Protection of Personal Information Act > PoPIA Act Regulation & Compliance Reference Portal > Summary Guide