POPI and Data Protection

Home/POPI and Data Protection

The protection of personal information, and privacy and data protection laws (including the GDPR and the POPI Act or POPIA) are key laws in today’s information society. Information compliance or information rights are central to so many disputes. Read our insights, regulatory updates, judgment summaries, enforcement action (including fines and notes), data breaches or authority guidance.

Personal data deletion rights: Navigating your responsibilities

Personal data deletion rights aren't just paperwork — they're like removing permanent marker from a whiteboard: simple to describe but tricky to do correctly. Data protection laws now give people more rights to control their personal information. One crucial right [...]

By |2025-04-10T10:45:22+02:00April 8th, 2025|Categories: POPI and Data Protection|Tags: , |
Read More

How do I comply with POPI or POPIA?

Wouldn't it be lovely if there were a comprehensive checklist that could help you comply with POPI or POPIA? Because the Protection of Personal Information (POPI) Act in South Africa is a principle-based law, it is not possible to [...]

By |2025-04-09T16:11:38+02:00April 8th, 2025|Categories: POPI and Data Protection|Tags: , , , , |
Read More

Rules for the processing of health information or sex life

The information regulator may prescribe more detailed rules for the processing of health information or sex life (section 32(6)) by making Health and Sex Life Regulations (section 112(2)(c)). The rules would apply to specific responsible parties who process personal information [...]

By |2025-04-09T11:49:23+02:00April 1st, 2025|Categories: POPI and Data Protection|Tags: , , , , , |
Read More

Advanced Computer Software Group enforcement action | Ransomware

The Information Commissioner’s Office (ICO) has fined Advanced Computer Software Group Ltd (ACSG) £3.07 million following a ransomware incident that exposed the personal data of 79,404 people. The ICO found that ACSG failed to implement adequate security measures, leaving [...]

By |2025-03-27T15:29:26+02:00March 27th, 2025|Categories: POPI and Data Protection|Tags: , , , |
Read More

Nigerian data controller and processor registration

As Nigeria keeps stepping up its data protection game, companies looking to do business there must stay on top of what’s required under the Nigeria Data Protection Act (NDPA) 2023. One key thing to know is that under the NDPA, [...]

By |2025-03-26T09:30:00+02:00March 25th, 2025|Categories: POPI and Data Protection|Tags: , , |
Read More

Construction Education and Training Authority (CETA) v V2 Digital and Another | Data migration

Construction Education and Training Authority (CETA) v V2 Digital and Another case centres on data migration disputes and POPIA's provisions relating to data governance, after CETA terminated its ICT service agreement with V2 Digital. Who should care about this judgment [...]

By |2025-04-01T17:39:09+02:00March 24th, 2025|Categories: Data governance, POPI and Data Protection|Tags: , , |
Read More

Guidance note on cross-border transfers to and from South Africa

The regulator will publish a guidance note on cross-border transfers to and from South Africa in terms of POPIA. They will not wait for the finalisation of the African Continental Free Trade Agreement. They have been consulting with other authorities, [...]

By |2025-03-06T07:39:10+02:00March 6th, 2025|Categories: Information Law, POPI and Data Protection|Tags: , |
Read More

Information regulator annual performance plan for 2025 to 2026 APP

The information regulator has presented its draft annual performance plan (regulator APP) for 1 April 2025 to 31 March 2026. It has presented them in different formats to different audiences. For example, the regulator held a stakeholder engagement on 5 [...]

By |2025-03-26T11:52:16+02:00March 5th, 2025|Categories: Access to Information, POPI and Data Protection|Tags: , |
Read More

Gated access communities code of conduct under POPIA

The information regulator will publish a Gated Communities Code of Conduct under POPIA, specifying how a gated access community may process visitors' personal information. According to the regulator on 5 March 2025, there has been a public outcry on this [...]

By |2025-04-15T10:50:45+02:00March 5th, 2025|Categories: POPI and Data Protection|Tags: |
Read More