POPIA fines

We continually monitor and provide a plain-language summaries of all POPIA fines. Our summaries highlight what action you might need to take in response. We summarise any fine that applies to POPIA. We do all the hard work for you to save you time.

Only some of the POPIA fine summaries are linked below. To read all previous ones and be alerted to future ones, join the Michalsons data protection programme. If you are a member and you are logged in, you will be able to view the public as well as the “Members only” fine summaries.

FT Rams Consulting enforcement action | Email direct marketing

The Information Regulator is taking enforcement action against FT Rams Consulting for non-compliance with section 69 of POPIA - the section that deals with direct marketing. This FT Ram Consulting fine of R200k follows a complaint from a data subject […]

By |2026-03-05T12:31:04+02:00March 5th, 2026|Categories: Marketing Law, POPI and Data Protection|Tags: , , , , , , , |
Read More

Blouberg Municipality enforcement action | Further processing of financial disclosures

The regulator has fined Blouberg Municipality R500 000 after a complaint from a former employee. This Blouberg Municipality enforcement action arose because the municipality unlawfully published the employee’s personal information on its website in a declaration of interest. As a […]

By |2026-03-05T12:31:13+02:00March 5th, 2026|Categories: POPI and Data Protection|Tags: , , , , , , |
Read More

Department of Basic Education enforcement action | Consent

The Information Regulator argues that it is unlawful for the Department of Basic Education (DBE) to publish matric results in newspapers using a learner's exam number without consent. The regulator issued an enforcement notice to the DBE and then fined […]

By |2026-02-12T14:52:53+02:00January 8th, 2026|Categories: POPI and Data Protection|Tags: , , , , , , , |
Read More

Lancet Laboratories enforcement action | Security

The Information Regulator issued a POPIA enforcement notice against Lancet Laboratories in September 2024 for failing to comply with the breach notifications required by POPIA. The Information Regulator conducted a POPIA compliance assessment following the numerous security compromises experienced by [...]

By |2025-12-05T12:27:25+02:00September 25th, 2024|Categories: POPI and Data Protection|Tags: , , , , , , , , , , |
Read More

DoJ enforcement action | Personal information compromise

The Information Regulator’s DoJ enforcement action, followed by the DoJ infringement notice, highlights the risks of failing to address a personal information compromise under the Protection of Personal Information Act (POPIA). The Department of Justice (DoJ) failed to secure the [...]

By |2026-04-07T15:29:41+02:00September 11th, 2024|Categories: Cybersecurity Law, POPI and Data Protection|Tags: , , , , , , |
Read More

Using an outsourced DPO to avoid fines

Data protection regulations are becoming increasingly strict. In response, many organisations are turning to outsourced Data Protection Officers (DPOs) to ensure that their organisation remains fully compliant. An outsourced DPO helps an organisation follow its data protection plan and makes [...]

By |2024-02-22T10:46:33+02:00June 19th, 2023|Categories: POPI and Data Protection|Tags: , , , , , , |
Read More

Data protection fines in Africa

Data protection fines in Africa are on the rise as more authorities enforce compliance with data protection laws. Data protection authorities in Angola and Kenya have hit the ground running by enforcing data protection laws. In this article, we highlight [...]

By |2024-02-22T10:47:10+02:00March 29th, 2023|Categories: POPI and Data Protection|Tags: , , , , , , |
Read More