South Africa’s privacy law takes effect

The bulk of South Africa’s Protection of Personal Information Act (2013) became law on 1 July after a seven-year build up.

The long lead in was so that proposed innovations in the EU’s General Data Protection Regulation (GDPR) could be considered and to give the South Africa Information Regulator (SAIR) time to develop operational capabilities, according to lawyers in the country.

The act’s core aim is to promote protection of personal information processed by public and private bodies.

The 93 sections which took effect on 1 July cover stipulating the SAIR’s duties; how information is processed; codes of conduct; individuals’ rights related to direct marketing, directories and automated decision making; regulating flow of personal information abroad; and enforcement, penalties and fees.

Provisions for making amendments is scheduled to come into law on 30 June next year.


The largest data protection, privacy and security event of 2020, now available on-demand!

Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.

You can access the content from all four days, by registering for access to our PrivSec Global platform below.

Learn More and Register

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.