This archive report was first published on 23 June 2020.
On July 1, South Africa's Protection of Personal Information Act (PoPI) will come into effect, providing a significant boost to data privacy for citizens. The law, which was published on September 11, 2013, aims to balance the right to access information with the right to privacy when public and private bodies process consumer information.
Under the PoPI Act, users will have the right to request information about their personal data held by companies, as well as the right to amend or delete their data. They will also be able to stop companies from processing their data in certain circumstances.
Key Provisions of the PoPI Act ¶
The PoPI Act requires companies to seek consent before using individual data for SMS, emails, and automatic calls. It also provides guidelines on how international firms working with local players must seek consent before accessing consumer data.
Organizations can share data with international players if they prove that it will benefit the user and it is impractical to seek consent. However, the law outlines hefty fines in cases of noncompliance, with the Information regulator having the power to levy fines of over R10 million ($0.57 million) and pursue criminal prosecution.
Companies will be required to maintain records of how, when, and where they obtained personal data, as well as records of consent for use and to what extent.