The draft King V Code on corporate governance was released for public comment on 24 February 2025 by the Institute of Directors in Southern Africa (IoDSA). It is only about 20 pages long and includes only the code (unlike previous [...]
The regulator will publish a guidance note on cross-border transfers to and from South Africa in terms of POPIA. They will not wait for the finalisation of the African Continental Free Trade Agreement. They have been consulting with other authorities, [...]
The information regulator has presented its draft annual performance plan (regulator APP) for 1 April 2025 to 31 March 2026. It has presented them in different formats to different audiences. For example, the regulator held a stakeholder engagement on 5 [...]
The information regulator will publish a Gated Communities Code of Conduct under POPIA, which will specify how a gated access community may process visitors' personal information. According to the regulator on 5 March 2025, there has been a public outcry [...]
The Information Regulator was created by the Protection of Personal Information Act (POPI Act). POPI gives the Information Regulator teeth - it has extensive powers to investigate and fine responsible parties. Data subjects can complain to the Information Regulator [...]
The High Court considered whether surveillance evidence collected without consent was admissible under the Protection of Personal Information Act (POPIA). The case clarifies when personal information, including special personal information like health data, may be processed and used in legal [...]
DeepSeek, a Chinese artificial intelligence (AI) chatbot, faces bans and suspensions worldwide due to serious privacy and security concerns. Governments and regulators have flagged the chatbot’s data practices - raising alarms over potential national security risks and non-compliance with data [...]
Information Security vs Cyber Security - what’s the Difference? Businesses often confuse information security and cyber security, but these terms have distinct meanings. Companies handle vast amounts of data, from customer details to financial records, and must protect this information. [...]
Data protection is a critical element of Bulgaria's fast-evolving digital economy. As businesses explore innovative technologies, foreign investment grows, and data-driven services expand, compliance with the GDPR and the Bulgarian Personal Data Protection Act (PDPA) is essential for safeguarding consumer [...]
The Joint Standard on Cybersecurity and Cyber Resilience Requirements sets the minimum standards for financial institutions to implement best practices and processes to identify and guard against cybersecurity and cyber resilience risks. The Financial Sector Conduct Authority (FSCA) and the [...]
The Department of Trade, Industry, and Competition (DTIC) plans to make CPA amendments to the Consumer Protection Act (CPA) regulations. These CPA regulation amendments aim to address direct marketing practices in South Africa by introducing a National government-run opt-out registry [...]
Today, processing personal data is not just a technical matter but a legal requirement governed by strict rules. Relevant data protection laws generally state that every data processing activity must have a legal basis. Although many believe that consent is [...]
