Michalsons

Home/Michalsons

About Michalsons

These blog entries are written in collaboration with Michalsons and attorneys who are the subject matter experts in their respective focus areas. Our attorneys specialise in various fields of law and provide commercially effective and practical advice. Read more about our people...

How do I comply with POPI or POPIA?

Wouldn't it be lovely if there were a comprehensive checklist that could help you comply with POPI or POPIA? Because the Protection of Personal Information (POPI) Act in South Africa is a principle-based law, it is not possible to [...]

By |2025-04-24T14:35:24+02:00April 8th, 2025|Categories: POPI and Data Protection|Tags: , , , , |
Read More

Advanced Computer Software Group enforcement action | Ransomware

The Information Commissioner’s Office (ICO) has fined Advanced Computer Software Group Ltd (ACSG) £3.07 million following a ransomware incident that exposed the personal data of 79,404 people. The ICO found that ACSG failed to implement adequate security measures, leaving [...]

By |2025-03-27T15:29:26+02:00March 27th, 2025|Categories: POPI and Data Protection|Tags: , , , |
Read More

Nigerian data controller and processor registration

As Nigeria keeps stepping up its data protection game, companies looking to do business there must stay on top of what’s required under the Nigeria Data Protection Act (NDPA) 2023. One key thing to know is that under the NDPA, [...]

By |2025-03-26T09:30:00+02:00March 25th, 2025|Categories: POPI and Data Protection|Tags: , , |
Read More

PAIA section 32 report for public bodies | PAIA annual report

The information officer of every public body in South Africa must submit a PAIA section 32 report to the Information Regulator annually. Section 32 of PAIA makes it compulsory - a regulatory requirement. PAIA gives effect to section 32 [...]

By |2025-03-20T15:01:56+02:00March 18th, 2025|Categories: Access to Information|Tags: , , , |
Read More

PAIA section 83(4) report for private bodies | PAIA report

All private bodies must submit a PAIA section 83(4) report (PAIA report) to the information regulator according to a notice the regulator published. The regulator has requested private bodies to submit this report annually in terms of section 83(4) [...]

By |2025-03-20T15:03:16+02:00March 17th, 2025|Categories: Access to Information|Tags: , , , |
Read More

Information regulator annual performance plan for 2025 to 2026 APP

The information regulator has presented its draft annual performance plan (regulator APP) for 1 April 2025 to 31 March 2026. It has presented them in different formats to different audiences. For example, the regulator held a stakeholder engagement on 5 [...]

By |2025-03-26T11:52:16+02:00March 5th, 2025|Categories: Access to Information, POPI and Data Protection|Tags: , |
Read More

Do you need to register as a Cryptography Provider?

You need to register as a cryptography provider if you provide encryption-related products and services or electronic-signature-related offerings. Cryptography and encryption present a challenge to security-conscious governments in that it allows you to conceal your message content from the authorities. [...]

By |2025-03-20T11:30:32+02:00March 5th, 2025|Categories: IT Law|Tags: , , , , |
Read More

Information Regulator in South Africa

The Information Regulator was created by the Protection of Personal Information Act (POPI Act). POPI gives the Information Regulator teeth - it has extensive powers to investigate and fine responsible parties. Data subjects can complain to the Information Regulator [...]

By |2025-03-05T13:26:37+02:00March 5th, 2025|Categories: Access to Information, POPI and Data Protection|Tags: , , , , |
Read More