PoPIA

PoPIA Act

PoPIA Act

PoPIA > PoPI Act > Protection of Personal Information Act > PoPIA Act Regulations & Compliance Reference Portal > Summary Guide by PoPIA Chapter & Section with Translation Support

Foreword

PoPIA (PoPI Act) Compliance > The Information Regulator will begin the enforcement of PoPIA and PAIA starting July 1, 2021. Every public or private entity must register an information officer and/or deputy information officer by March 31, 2021.

Protection of Personal Information Act (PoPI Act or PoPIA) provides privacy rights and consumer protection for South Africans.

The PoPI Act (Protection of Personal Information Act or PoPIA) took effect on Jul 1, 2020. All businesses, public entities, non-profit organizations, and any other entities must address PoPIA Act compliance in a short time, and with minimal impact on the budget. Large companies have teams already working on PoPI Act.

Most mid-size and small businesses are unaware of the law. They need to engage their legal and IT teams to implement PoPIA Act. Nearly all entities believe that PoPIA means prevention of SPAM, calls from telemarketers, and the ability to opt-out of digital marketing.

This is one of the rights in the PoPI Act, and so are several other rights including delete my data, correct my data, objection to processing, and many others.

What is the PoPIA Act?

The Protection of Personal Information Act (PoPIA) 4 of 2013 aims:

  • to promote the protection of personal information processed by public and private bodies;
  • to introduce certain conditions so as to establish minimum requirements for the processing of personal information;
  • to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act (PAIA), 2000;
  • to provide for the issuing of codes of conduct;
  • to provide for the rights of persons regarding unsolicited electronic communications and automated decision making;
  • to regulate the flow of personal information across the borders of the Republic; and
  • to provide for matters connected therewith.


The PoPI Act

Preamble

Recognising That—

  • section 14 of the Constitution of the Republic of South Africa, 1996, provides that everyone has the right to privacy;
  • the right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information;
  • the State must respect, protect, promote and fulfil the rights in the Bill of Rights;

And Bearing In Mind That—

  • consonant with the constitutional values of democracy and openness, the need for economic and social progress, within the framework of the information society, requires the removal of unnecessary impediments to the free flow of information, including personal information;

And In Order To—

  • regulate, in harmony with international standards, the processing of personal information by public and private bodies in a manner that gives effect to the right to privacy subject to justifiable limitations that are aimed at protecting other rights and important interests,


PoPIA Act Guarantee

The Constitution of South Africa guarantees the most general right to privacy for all its citizens. This provides the main protection for personal data privacy so far.

The Protection of Personal Information Act (PoPIA or PoPI Act) of 2013 was signed into act, focusing on data privacy and is inspired by other foreign national treaties like the United Kingdom. Minimum requirements are presented in PoPI Act (PoPIA) for the act of processing personal data, like the fact that the data subject must provide consent and that the data will be beneficial, and PoPIA Act will be harsher when related to cross-border international data transfers, specifically with personal information. The PoPIA will be in full effective from 1 July 2020.

The recording of conversations over phone and internet is not allowed without the permission of both parties with the Regulation of Interception of Communications and Provision of Communications Related Act (2002).

In addition, South Africa is part of the Southern African Development Community and the African Union.



Information Regulator

The Information Regulator South Africa is an independent body established in terms of Section 39 of The Protection of Personal Information Act (PoPIA) 4 of 2013. It is subject only to the Law and the Constitution and it is accountable to the National Assembly

The Information Regulator is among others, empowered to monitor and enforce compliance by Public and Private bodies with the provisions of the Promotion of Access to Information Act (PAIA), 2000 (Act 2 of 2000), and the Protection of Personal Information Act (PoPIA), 2013 (Act 4 of 2013)

Contact Information Regulator > https://inforegulator.org.za/contact-us/

PoPI Act Commencement

PoPIA Chapters 1 – 12



PoPIA Index

  • PoPIA SECTION 1 > Definitions
  • PoPIA SECTION 2 > Purpose
  • PoPIA SECTION 3 > Application and Interpretation
  • PoPIA SECTION 4 > Lawful Processing of Personal Information
  • PoPIA SECTION 5 > Rights of Data Subjects
  • PoPIA SECTION 6 > Exclusions
  • PoPIA SECTION 7 > Exclusion for Journalistic, Literary or Artistic purposes
  • PoPIA SECTION 8 > Responsible Party
  • PoPIA SECTION 9 > Lawfulness of Processing
  • PoPIA SECTION 10 > Minimality
  • PoPIA SECTION 11 > Consent, Justification and Objection
  • PoPIA SECTION 12 > Collection directly from data subject
  • PoPIA SECTION 13 > Collection for specific purpose
  • PoPIA SECTION 14 > Retention and restriction of records
  • PoPIA SECTION 15 > Further processing to comply with purpose of collection
  • PoPIA SECTION 16 > Quality of information
  • PoPIA SECTION 17 > Documentation
  • PoPIA SECTION 18 > Notification to data subject when collecting personal information
  • PoPIA SECTION 19 > Security measures on integrity and confidentiality of personal information
  • PoPIA SECTION 20 > Information processed by operator or person acting under authority
  • PoPIA SECTION 21 > Security measures regarding information processed by operator
  • PoPIA SECTION 22 > Notification of security compromises
  • PoPIA SECTION 23 > Access to Personal Information
  • PoPIA SECTION 24 > Correction of Personal Information
  • PoPIA SECTION 25 > Manner of Access
  • PoPIA SECTION 26 > Prohibition on processing of special personal information
  • PoPIA SECTION 27 > General authorisation concerning special personal information
  • PoPIA SECTION 28 > Authorisation concerning data subject’s religious or philosophical beliefs
  • PoPIA SECTION 29 > Authorisation concerning data subject’s race or ethnic origin
  • PoPI Act SECTION 30 > Authorisation concerning data subject’s trade union membership
  • PoPI Act SECTION 31 > Authorisation concerning data subject’s political persuasion
  • PoPI Act SECTION 32 > Authorisation concerning data subject’s health or sex life
  • PoPI Act SECTION 33 > Authorisation concerning data subject’s criminal behaviour or biometric information
  • PoPI Act SECTION 34 > Prohibition on processing personal information of children
  • PoPI Act SECTION 35 > General authorisation concerning personal information of children
  • PoPI Act SECTION 36 > General
  • PoPI Act SECTION 37 > Regulator may exempt processing of personal information
  • PoPI Act SECTION 38 > Exemption in respect of certain functions
  • PoPI Act SECTION 39 > Establishment of Information Regulator
  • PoPI Act SECTION 40 > Powers, duties and functions of Regulator
  • PoPI Act SECTION 41 > Appointment, term of office and removal of members of Regulator
  • PoPI Act SECTION 42 > Vacancies
  • PoPI Act SECTION 43 > Powers, duties and functions of Chairperson and other members
  • PoPI Act SECTION 44 > Regulator to have regard to certain matters
  • PoPI Act SECTION 45 > Conflict of Interest
  • PoPI Act SECTION 46 > Remuneration, allowances, benefits and privileges of members
  • PoPI Act SECTION 47 > Staff
  • PoPI Act SECTION 48 > Powers, duties and functions of CEO
  • PoPI Act SECTION 49 > Committees of Regulator
  • PoPI Act SECTION 50 > Establishment of Enforcement Committee
  • PoPI Act SECTION 51 > Meetings of Regulator
  • PoPI Act SECTION 52 > Funds
  • PoPI Act SECTION 53 > Protection of Regulator
  • PoPI Act SECTION 54 > Duty of confidentiality
  • PoPI Act SECTION 55 > Duties and responsibilities of Information Officer
  • PoPI Act SECTION 56 > Designation and delegation of deputy information officers
  • PoPI Act SECTION 57 > Processing subject to prior authorisation
  • PoPI Act SECTION 58 > Responsible party to notify Regulator if processing is subject to prior authorisation
  • PoPI Act SECTION 59 > Failure to notify processing subject to prior authorisation
  • PoPI Act SECTION 60 > Issuing of codes of conduct
  • PoPI Act SECTION 61 > Process for issuing codes of conduct
  • PoPI Act SECTION 62 > Notification, availability and commencement of code of conduct
  • PoPI Act SECTION 63 > Procedure for dealing with complaints
  • PoPI Act SECTION 64 > Amendment and revocation of codes of conduct
  • PoPI Act SECTION 65 > Guidelines about codes of conduct
  • PoPI Act SECTION 66 > Register of approved codes of conduct
  • PoPI Act SECTION 67 > Review of operation of approved code of conduct
  • PoPI Act SECTION 68 > Effect of failure to comply with code of conduct
  • PoPI Act SECTION 69 > Direct marketing by means of unsolicited electronic communications
  • PoPI Act SECTION 70 > Directories
  • PoPI Act SECTION 71 > Automated decision making
  • PoPI Act SECTION 72 > Transfers of personal information outside Republic
  • PoPI Act SECTION 73 > Interference with protection of personal information of data subject
  • PoPI Act SECTION 74 > Complaints
  • PoPI Act SECTION 75 > Mode of complaints to Regulator
  • PoPI Act SECTION 76 > Action on receipt of complaint
  • PoPI Act SECTION 77 > Regulator may decide to take no action on complaint
  • PoPI Act SECTION 78 > Referral of complaint to regulatory body
  • PoPI Act SECTION 79 > Pre-investigation proceedings of Regulator
  • PoPI Act SECTION 80 > Settlement of complaints
  • PoPI Act SECTION 81 > Investigation proceedings of Regulator
  • PoPI Act SECTION 82 > Issue of warrants
  • PoPI Act SECTION 83 > Requirements for issuing of warrant
  • PoPI Act SECTION 84 > Execution of warrants
  • PoPI Act SECTION 85 > Matters exempt from search and seizure
  • PoPI Act SECTION 86 > Communication between legal adviser and client exempt
  • PoPI Act SECTION 87 > Objection to search and seizure
  • PoPI Act SECTION 88 > Return of warrants
  • PoPI Act SECTION 89 > Assessment
  • PoPI Act SECTION 90 > Information notice
  • PoPI Act SECTION 91 > Parties to be informed of result of assessment
  • PoPI Act SECTION 92 > Matters referred to Enforcement Committee
  • PoPI Act SECTION 93 > Functions of Enforcement Committee
  • PoPI Act SECTION 94 > Parties to be informed of developments during and result of investigation
  • PoPI Act SECTION 95 > Enforcement notice
  • PoPI Act SECTION 96 > Cancellation of enforcement notice
  • PoPI Act SECTION 97 > Right of appeal
  • PoPI Act SECTION 98 > Consideration of appeal
  • PoPI Act SECTION 99 > Civil remedies
  • PoPI Act SECTION 100 > Obstruction of Regulator
  • PoPI Act SECTION 101 > Breach of confidentiality
  • PoPI Act SECTION 102 > Obstruction of execution of warrant
  • PoPI Act SECTION 103 > Failure to comply with enforcement or information notices
  • PoPI Act SECTION 104 > Offences by witnesses
  • PoPI Act SECTION 105 > Unlawful acts by responsible party in connection with account number
  • PoPI Act SECTION 106 > Unlawful acts by third parties in connection with account number
  • PoPI Act SECTION 107 > Penalties
  • PoPI Act SECTION 108 > Magistrate’s Court jurisdiction to impose penalties
  • PoPI Act SECTION 109 > Administrative fines
  • PoPI Act SECTION 110 > Amendment of laws
  • PoPI Act SECTION 111 > Fees
  • PoPI Act SECTION 112 > Regulations
  • PoPI Act SECTION 113 > Procedure for making regulations
  • PoPI Act SECTION 114 > Transitional arrangements
  • PoPI Act SECTION 115 > Short title and commencement

PoPIA > PoPI Act > Protection of Personal Information Act > PoPIA Act Regulation & Compliance Reference Portal > Summary Guide

Translate
POPIA