TikTok’s GDPR transfers – Understanding the €530M fine

May 13th, 2025 | Categories: POPI and Data Protection

Let's discuss TikTok’s GDPR transfers. Managing cross-border data flows under GDPR can be as treacherous as navigating iceberg-strewn waters — hidden dangers lurk beneath the surface. TikTok recently discovered how severe those dangers can be, facing a landmark €530 million [...]

Personal Information Impact Assessments under POPIA

April 30th, 2025 | Categories: POPI and Data Protection

A Personal Information Impact Assessment (PIIA) under POPIA is a process that helps organisations understand and minimise the data protection risks of processing personal information. Under South Africa’s Protection of Personal Information Act, 4 of 2013 (POPIA), a PIIA supports [...]

WhatsApp enforcement action | POPIA breaches

April 28th, 2025 | Categories: POPI and Data Protection

South Africa’s Information Regulator has issued a formal enforcement notice against WhatsApp for failing to comply with the Protection of Personal Information Act (POPIA). This marks a significant step in enforcing South Africa’s data protection laws and signals that the Regulator [...]

The POPIA Amendment Regulations 2025 commence

April 24th, 2025 | Categories: POPI and Data Protection

The POPIA Amendment Regulations commenced with immediate effect on 17 April 2025. These amended regulations cover new proposed rules of procedure, administrative fines, and expand the data subject's rights to their personal information. In this post, we summarise the regulations, [...]

AI explainability legal governance: Pulling back the curtain

April 17th, 2025 | Categories: AI Law

Let's talk artificial intelligence (AI) explainability and legal governance. AI often seems like a magic show: impressive but hard to understand. However, with increasing reliance on AI, legal frameworks now demand transparency. Recent advances, particularly Anthropic's research on circuit tracing, [...]

Corporate AI deepfake fraud: When trusted faces deceive

April 10th, 2025 | Categories: AI Law, Cybersecurity Law

It's time to address corporate artificial intelligence (AI) deepfake fraud. AI can now create compelling fake videos and audio of real people. This 'deepfake' technology presents a growing threat to businesses, particularly through financial fraud. Criminals are using deepfakes to [...]

Personal data deletion rights: Navigating your responsibilities

April 8th, 2025 | Categories: POPI and Data Protection

Personal data deletion rights aren't just paperwork — they're like removing permanent marker from a whiteboard: simple to describe but tricky to do correctly. Data protection laws now give people more rights to control their personal information. One crucial right [...]

How do I comply with POPI or POPIA?

April 8th, 2025 | Categories: POPI and Data Protection

Wouldn't it be lovely if there were a comprehensive checklist that could help you comply with POPI or POPIA? Because the Protection of Personal Information (POPI) Act in South Africa is a principle-based law, it is not possible to [...]

Notification of security compromise to the Information Regulator | Guideline and support

April 7th, 2025 | Categories: Cybersecurity Law, POPI and Data Protection

The information regulator published a Guideline on notification of security compromises to the information regulator in July 2020. The guideline explains the procedure responsible parties or information officers should follow to notify the regulator of a security compromise or data [...]

Rules for the processing of health information or sex life

April 1st, 2025 | Categories: POPI and Data Protection

The information regulator may prescribe more detailed rules for the processing of health information or sex life (section 32(6)) by making Health and Sex Life Regulations (section 112(2)(c)). The rules would apply to specific responsible parties who process personal information [...]