PDF

PoPI Act PDF Download

Protection of Personal Information Act (PoPIA) South Africa 2021/2022 PDF Download

Protection of Personal Information Act (PoPIA) Forms
Promotion of Access to Information Act (PAIA) Forms
Information Officers
  1. Notification of a security compromise in terms of Section 22 of Protection of Personal Information Act, 4 of 2013 (POPIA), 22 Sep 2021 In terms of section 22 of the Protection of Personal Information Act No. 4 of 2013 (POPIA), where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorized person, the responsible party must notify the Information Regulator (Regulator) and the data subject, unless the identity of such data subject cannot be established.
  2. Notice: Exemption of certain private bodies from compiling manual, 29 Jun 2021 Promotion of Access to Information Act, 2000 (Act No. 2 of 2000): Exemption of certain private bodies from compiling manual, 29 Jun 2021
  3. Guidance note on processing of Special Personal Information, 28 June 2021 The purpose of this Guidance Note is to guide responsible parties who are required to obtain authorization from the Regulator to process special personal information, as provided for in section 27(2) of POPIA. FORM: Follow this link for the Application form for authorisation to process Special Personal Information 
  4. Guidance note on exemptions from the conditions for lawful processing of personal information in terms of Section 37 and 38 of the Protection of Personal Information Act 4 of 2013, 21 June 2021POPIA prescribes the eight (8) conditions for the lawful processing of personal information by or for a responsible party. These conditions are not applicable to the processing of personal information to the extent that such processing is exempted in terms of section 37 or 38, from one or more of the conditions concerned in relation to such processing.FORM:  Follow this link for the Exemption Application Form
  5. Notice in terms of the commencement date of section 58(2), 18 June 2021 The Information Regulator has, in terms of section 114(3) of the Protection of Personal Information Act, 2013 (No.4 of 2013), determined the 1 February 2022 as the date on which section 58(2) of the Protection of Personal Information Act, 2013 (No.4 of 2013) shall become applicable to processing referred to in section 57 of the said Act.
  6. Guidance Note on Information Officers and Deputy Information Officers, 01 Apr 2021The purpose of this Guidance Note is to provide guidance and procedures for the obligations and liabilities of Information Officers and Deputy Information Officers, registration of Information Officers with the Information Regulator, updating the details of Information Officers, designation of Deputy Information Officers and delegation of duties and responsibilities of the Information Officers to the Deputy Information Officers.FORM: Application form for Registration of Information Officers  
  7. Guidance Note on applications for Prior Authorisation, 11 Mar 2021This Guidance Note is issued to guide responsible parties who are currently processing or intend to process personal information which is subject to prior authorization to ensure compliance with the relevant provisions of the Protection of Personal Information Act 4 of 2013 (POPIA).Invitation for applications for Prior Authorization, 11 Mar 2021 Responsible parties may submit their applications for prior authorization by completing the Application Form for Prior Authorization on applications for prior authorization
  8. Guidance Note on the processing of personal information in the management and containment of Covid-19 Pandemic in terms of the Protection of Personal Information Act 4 Of 2013 (POPIA), 03 Apr 2020
  9. Guidance Note on the processing of personal information of a Voter by a Political Party in terms of the Protection of Personal Information Act, 4 of 2013, 28 Jan 2019
Codes of Conducts

Follow this link to view guidelines to develop a Code of Conduct, a checklist, a standard and notices relating to Codes of Conduct published. Notice relating to Codes of Conduct issued in accordance with the provision of section 63(2)(a)(ii)( of the Protection of Personal Information Act No 4 of 2013 (POPIA). Kindly email applications for codes of conduct to: POPIACompliance@inforegulator.org.za

Guidelines to develop Code of Conduct, 15 Feb 2021, issued under the Protection of Personal Information Act 4 of 2013 (POPIA). Xhosa Version

  • Notice in terms of Section 61(2) of the Protection of Personal Information Act No 4 of 2013 (POPIA): Code of Conduct from WILLCOM (Pty) Ltd, 02 August 2021 In terms of the provisions of section 61 (2) of POPIA, the Information Regulator gives notice that the Regulator is in receipt of a code of conduct from WILLCOM (PTY) LTD, a company functioning in the telecommunication and information industry. The code deals with how personal information will be processed by the company. Affected persons are invited to submit written comments to the Regulator (email address: POPIACompliance@inforegulator.org.za) till the 13th August 2021. A notice will also be published in the Government Gazette in compliance with section 61 (2) of POPIA.
  • Notice in terms of Section 61(2) of the Protection of Personal Information Act No 4 of 2013 (POPIA): Code of Conduct from Silk Route Gold (Pty) Ltd, 02 August 2021 In terms of the provisions of section 61 (2) of POPIA, the Information Regulator gives notice that the Regulator is in receipt of a code of conduct from SILK ROUTE GOLD (PTY) LTD, a full-service company that specializes in the processing of responsibly sourced precious metals. The code deals with how personal information will be processed by the company. Affected persons are invited to submit written comments to the Regulator (email address: POPIACompliance@inforegulator.org.za) till the 13th August 2021. A notice will also be published in the Government Gazette in compliance with section 61 (2) of POPIA.
  • Notice in terms of Section 61(2) of the Protection of Personal Information Act No 4 of 2013 (POPIA): Code of Conduct from Rockjumper Birding Tours CC, 02 August 2021 In terms of the provisions of section 61 (2) of POPIA, the Information Regulator gives notice that the Regulator is in receipt of a code of conduct from ROCKJUMPER BIRDING TOURS CC, a close corporation which offers birding adventure. The code deals with how personal information will be processed by the close corporation. Affected persons are invited to submit written comments to the Regulator (email address: POPIACompliance@inforegulator.org.za) till the 13th August 2021. A notice will also be published in the Government Gazette in compliance with section 61 (2) of POPIA.
  • Notice in terms of Section 61(2) of the Protection of Personal Information Act No 4 of 2013 (POPIA): Code of Conduct from National Radiology Services Inc, 02 August 2021 In terms of the provisions of section 61 (2) of POPIA, the Information Regulator gives notice that the Regulator is in receipt of a code of conduct from National Radiology Services Inc, a medical service provider in the Radiology industry. The code deals with how personal information will be processed by the company. Affected persons are invited to submit written comments to the Regulator (email address: POPIACompliance@inforegulator.org.za) till the 13th August 2021. A notice will also be published in the Government Gazette in compliance with section 61 (2) of POPIA.
  • Notice in terms of Section 61(2) of the Protection of Personal Information Act No 4 of 2013 (POPIA): Code of Conduct from Regio Independent School, 02 August 2021 In terms of the provisions of section 61 (2) of POPIA, the Information Regulator gives notice that the Regulator is in receipt of a code of conduct from REGIO INDEPENDENT SCHOOL, a company which is an independent school consisting of Pre-primary and primary education. The code deals with how personal information will be processed by the company. Affected persons are invited to submit written comments to the Regulator (email address: POPIACompliance@inforegulator.org.za) till the 13th August 2021. A notice will also be published in the Government Gazette in compliance with section 61 (2) of POPIA.
  • Notice in terms of Section 61(2) of the Protection of Personal Information Act No 4 of 2013 (POPIA): Banking Association South Africa (BASA), Lawful processing of personal information by member Banks, 08 June 2021 In terms of the provisions of section 61 (2) of POPIA, the Information Regulator gives notice that the Regulator is in receipt of a code of conduct from the Banking Association South Africa (BASA) that deals with how personal information will be processed by member banks. Affected persons are invited to submit written comments to the Regulator (email address: POPIACompliance@inforegulator.org.za) till the 30th June 2021. A notice will be published in the Government Gazette in compliance with section 61 (2) of POPIA on the 11th June 2021. Code of conduct from the Banking Association South Africa�(BASA)
  • Notice in terms of Section 61(2) of the Protection of Personal Information Act No 4 of 2013 (POPIA): Credit Bureau Association (CBA), Code of Conduct: Lawful Processing of Personal Information in credit Sector, 14 Apr 2021 In terms of the provisions of section 61 (2) of POPIA, the Information Regulator (South Africa) gives notice that the Regulator is in receipt of a Code of Conduct from the Credit Bureau Association (CBA) that deals with how personal information will be processed in the credit sector. Affected persons are invited to submit written comments to the Regulator (email address: POPIACompliance@inforegulator.org.za) till the 30 April 2021. A notice will be published in the Government Gazette in compliance with Section 61(2) of POPIA on the 23 April 2021.
Exemptions

Guidance note on exemptions from the conditions for lawful processing of personal information in terms of Section 37 and 38 of the Protection of Personal Information Act 4 of 2013, 21 June 2021 POPIA prescribes the eight (8) conditions for the lawful processing of personal information by or for a responsible party. These conditions are not applicable to the processing of personal information to the extent that such processing is exempted in terms of section 37 or 38, from one or more of the conditions concerned in relation to such processing. FORM:  Follow this link for the Exemption Application Form

Prior Authorisation

Guidance Note on applications for Prior Authorisation, 11 Mar 2021 This Guidance Note is issued to guide responsible parties who are currently processing or intend to process personal information which is subject to prior authorization to ensure compliance with the relevant provisions of the Protection of Personal Information Act 4 of 2013 (POPIA). Invitation for applications for Prior Authorization, 11 Mar 2021 Responsible parties may submit their applications for prior authorization by completing the Application Form for Prior Authorization on applications for prior authorization

Processing of Special information

Guidance note on processing of Special Personal Information, 28 June 2021 The purpose of this Guidance Note is to guide responsible parties who are required to obtain authorization from the Regulator to process special personal information, as provided for in section 27(2) of POPIA. FORM: Follow this link for the Application form for authorisation to process Special Personal Information 

Guidance Notes

Guidance Note on the processing of personal information in the management and containment of Covid-19 Pandemic in terms of the Protection of Personal Information Act 4 Of 2013 (POPIA), 03 Apr 2020

Notices
  • GG 45306, GeN 596 – Protection of Personal Information Act: Code of Conduct: Credit Bureau Association (CBA): Comments invited by 26 Oct 2021, 12 Oct 2021 [Amendment Note: Code included in Gazette, 15 Oct
  • GG 45120, GoN 829 – Protection of Personal Information Act: Amendments to Regulations: Comments invited by 30 Sep 2021, 09 Sep 2021. [Amendment Note: Submition of comments extended to 15 Nov 2021]
  • GG 44881, GoN 644, 23 Jul 2021 – Protection of Personal Information Act: Notice of Code of Conduct: Rockjumpter Birding Tours CC and Willcom (Pty) Ltd – Comment by 14 Aug 2021
  • Promotion of Access to Information Act: Exemption of certain private bodies from compiling manual, GG 44785, GeN 397, 30 Jun 2021
  • Protection of Personal Information Act: Information Regulator: Amendment (English/Afrikaans), GG 44782, GeN 395, 30 Jun 2021. Determine 1 February 2022 as the date on which section 58(2) of the Protection of Personal Information Act, 2013 (No.4 of 2013) shall become applicable to processing referred to in section 57 of the said Act.
  • GG 44761, GoN 560, 25 Jun 2021 – Protection of Personal Information Act: Information Regulator: Amendment. Determine 1 February 2022 as the date on which section 58(2) of the Protection of Personal Information Act, 2013 (No.4 of 2013) shall become applicable to processing referred to in section 57 of the said Act.
  • GG 44690, GoN 492, 11 Jun 2021 – Protection of Personal Information Act: Code of Conduct: Banking Association South Africa (BASA): Comments invited
  • GG 44479 GON 221, 23 Apr 2021 – Invitation for public comments on the Promotion of Access to Information Act, 2000 (Act 2 of 2000): Proposed draft Regulations relating to the Promotion of Access to Information. The comments on the draft Regulations must be submitted on or before 17 May 2021.
  • GG 44459, GeN 209, 16 Apr 2021 – Protection of Personal Information Act: Credit Bureau Association: Codes of Conduct. In terms of the provisions of section 61 (2) of POPIA, the Information Regulator (South Africa) gives notice that the Regulator is in receipt of a Code of Conduct from the Credit Bureau Association (CBA) that deals with how personal information will be processed in the credit sector.
  • GG 44383, GoN 297, 1 Apr 2021 – Protection of Personal Information Act: Commencement of section 58(2). The Information Regulator has determined the 1 July 2021 as the date on which section 58(2) of the Protection of Personal Information Act, 2013 (No.4 of 2013) shall become applicable to processing referred to in section 57 of the said Act.
  • GG 42110, RG 10897, GoN 1383, 14 Dec 2018 – Protection of Personal Information Act: Regulations: Information register (English / Afrikaans). The Information Regulator (Regulator) have tabled the Regulations in Parliament on 03 December 2018 and the Regulations were published in the Government Gazette on 14 Dec 2018.
  • GG 41105, GoN 709, 08 Sep 2017 – Protection of Personal Information Act, 2013 (Act. 4 of 2013): Invitation to comment on Draft Regulations relating to the Protection of Personal Information. Deadline for comments is 07 Nov 2017.
  • INVITATION FOR PUBLIC COMMENTS ON THE DRAFT REGULATIONS OF THE INFORMATION REGULATOR IN TERMS OF SECTION 112(2) OF THE PROTECTION OF PERSONAL INFORMATION ACT 2013 (ACT NO 4 OF 2013)The Regulator has gazetted its draft Regulations in terms of Section 112(2) of Act. No.4 of 2013 on 8th September 2017 for comments which to provide such comments will close of 7th November 2017. To this end, the Regulator intends to visit all the provinces with the aim to solicit comments on its draft Regulations. Follow this link to view the Time Table of Activities & Provincial Consultations [Updated 08 Nov 2017]
  • GG 37067 No. 912 [334kb] Protection of Personal Information Act [No. 4 of 2013], 26 Nov 2013
Forms

Forms relating to the Protection of Personal Information Act, 2013 (Act no. 4 of 2013)

(Some PDF links may be broken due to Information Regulator Document Database restructuring)

Information Regulator

Scroll To Top