The Protection Of Personal Information (POPI) Act - Impact On South Africa

South Africa has received its own data protection legislation - the Protection of Personal Information (POPI) Act - in November 2013 and is expecting the government to appoint an Information Regulator to enforce the letter of the law. Until then, South African businesses will have time to get their house in order, but uncertainty exists as to how businesses will be affected when this happens. It is anticipated that the enforcement activities by the Information Regulator will be similar to how it is done by the Information Commissioners Office (ICO) in the United Kingdom. The ICO has been enforcing compliance with the Data Protection Act (DPA) of the United Kingdom since it obtained its enforcement powers in April 2010. This article summarises all actions taken by the ICO from April 2010 until the end of December 2013 to determine the industries most affected, the contraventions with the highest frequency and, where applicable, the highest monetary fines.

This article should provide some insight into what South African businesses can expect after the Information Regulator is appointed and starts to enforce the law. It will also enable them to focus their attention on the safeguarding of business areas with increased data protection risks as well as provide some counter measures that can be taken to prevent punishable contraventions.