Guidance note by information regulator

The information regulator in South Africa publishes guidance notes from time to time. According to the regulator, they are advisory and are not binding on the regulator or any other party. They do not amend or supplement the legal effect or interpretation of laws (including POPIA). You must not construe the guidance note to limit or restrict the regulator’s administration and enforcement of POPIA. If there is a conflict of meaning between the law (including POPIA or the POPIA regulations) and any guidance note, the law prevails. Our insights on the guidance notes do not constitute legal advice.

Only some are linked below. To read all previous insights and be alerted to future insights, join the relevant Michalsons programme. You can view the public and the “Members only” ones if you are a member and logged in.

Notification of security compromise to the Information Regulator | Guideline and support

The information regulator published a Guideline on notification of security compromises to the information regulator in July 2020. The guideline explains the procedure responsible parties or information officers should follow to notify the regulator of a security compromise or data [...]

By |2025-04-23T13:35:59+02:00April 7th, 2025|Categories: Cybersecurity Law, POPI and Data Protection|Tags: , , , , , , |
Read More

Guidance note on cross-border transfers to and from South Africa

The regulator will publish a guidance note on cross-border transfers to and from South Africa in terms of POPIA. They will not wait for the finalisation of the African Continental Free Trade Agreement. They have been consulting with other authorities, [...]

By |2025-09-17T13:54:20+02:00March 6th, 2025|Categories: Information Law, POPI and Data Protection|Tags: , |
Read More

Guidance note on direct marketing in South Africa

The regulator has issued a guidance note on direct marketing as regulated by section 69 of POPIA. The regulator has noted on many occasions that it has received an increasing number of complaints about the processing of personal information in [...]

By |2025-02-19T08:58:02+02:00December 4th, 2024|Categories: Marketing Law, POPI and Data Protection|Tags: , , |
Read More

Guidance note on the processing of personal information of a voter by a political party and independent candidate

The information regulator issued a new guidance note on the processing of personal information of a voter by political parties and independent candidates as well as highlighting how to combat misinformation and disinformation in terms of the provisions of the [...]

By |2024-09-11T14:39:59+02:00May 16th, 2024|Categories: Access to Information, POPI and Data Protection|Tags: , , , , , , , |
Read More

Guidelines on procedures for making information electronically available

The information regulator issued a guideline on procedures for making information electronically available (dated March 2022). The purpose of the guideline is to recommend the procedures for public and private bodies to make information electronically available to enable people to obtain [...]

By |2024-02-21T13:52:52+02:00May 17th, 2022|Categories: Access to Information, POPI and Data Protection|Tags: , , , |
Read More

Guidance note on application for prior authorisation

The information regulator issued a Guidance Note on application for Prior Authorisation (dated 11 March 2021) to guide responsible parties who are currently processing or intend to process personal information which is subject to prior authorisation to ensure compliance with [...]

By |2024-02-21T13:51:33+02:00October 27th, 2021|Categories: POPI and Data Protection|Tags: , , , |
Read More

Guidance note on processing of personal information of children

The regulator published a guidance note on processing of personal information of children on 28 June 2021 to help responsible parties process the personal information of children lawfully. It mainly deals with an application for authorisation by the Regulator [...]

By |2024-02-21T13:51:34+02:00July 19th, 2021|Categories: POPI and Data Protection|Tags: , , |
Read More

Guidance note on processing of Special Personal Information

The regulator published a guidance note on processing of Special Personal Information on 28 June 2021 to help responsible parties process Special Personal Information lawfully. The guidance note does not add much to what is currently in the law [...]

By |2024-02-21T13:51:35+02:00July 19th, 2021|Categories: POPI and Data Protection|Tags: , , |
Read More

Guidance note on exemptions from the conditions of POPIA

The regulator published a guidance note on exemptions from the conditions for lawful processing of personal information in terms of Section 37 and 38 of POPIA on 21 June 2021. The guidance note helps those who intend to apply for [...]

By |2024-02-21T13:51:36+02:00June 22nd, 2021|Categories: POPI and Data Protection|Tags: , , |
Read More

Guidance note on information officers and deputy information officers

The information regulator has published a guidance note on information officers and deputy information officers to provide guidance, procedures and forms to enable responsible parties to do various things required by law. To save you time, we have summarised [...]

By |2025-06-06T14:13:01+02:00April 16th, 2021|Categories: Access to Information, POPI and Data Protection|Tags: , , , , , |
Read More