Let's discuss TikTok’s GDPR transfers. Managing cross-border data flows under GDPR can be as treacherous as navigating iceberg-strewn waters — hidden dangers lurk beneath the surface. TikTok recently discovered how severe those dangers can be, facing a landmark €530 million [...]
A Personal Information Impact Assessment (PIIA) under POPIA is a process that helps organisations understand and minimise the data protection risks of processing personal information. Under South Africa’s Protection of Personal Information Act, 4 of 2013 (POPIA), a PIIA supports [...]
South Africa’s Information Regulator has issued a formal enforcement notice against WhatsApp for failing to comply with the Protection of Personal Information Act (POPIA).This marks a significant step in enforcing South Africa’s data protection laws and signals that the Regulator [...]
The POPIA Amendment Regulations commenced with immediate effect on 17 April 2025. These amended regulations cover new proposed rules of procedure, administrative fines, and expand the data subject's rights to their personal information. In this post, we summarise the regulations, [...]
Let's talk artificial intelligence (AI) explainability and legal governance. AI often seems like a magic show: impressive but hard to understand. However, with increasing reliance on AI, legal frameworks now demand transparency. Recent advances, particularly Anthropic's research on circuit tracing, [...]
You need to achieve POPIA compliance. And we're the organisation you're looking for that will help you get it done. Why us? We're experts with deep knowledge of the field; we have years (and years) of experience and we're all [...]
It's time to address corporate artificial intelligence (AI) deepfake fraud. AI can now create compelling fake videos and audio of real people. This 'deepfake' technology presents a growing threat to businesses, particularly through financial fraud. Criminals are using deepfakes to [...]
Personal data deletion rights aren't just paperwork — they're like removing permanent marker from a whiteboard: simple to describe but tricky to do correctly. Data protection laws now give people more rights to control their personal information. One crucial right [...]
Wouldn't it be lovely if there were a comprehensive checklist that could help you comply with POPI or POPIA? Because the Protection of Personal Information (POPI) Act in South Africa is a principle-based law, it is not possible to [...]
The information regulator published a Guideline on notification of security compromises to the information regulator in July 2020. The guideline explains the procedure responsible parties or information officers should follow to notify the regulator of a security compromise or data [...]
The information regulator may prescribe more detailed rules for the processing of health information or sex life (section 32(6)) by making Health and Sex Life Regulations (section 112(2)(c)). The rules would apply to specific responsible parties who process personal information [...]
