skip to Main Content

The Protection of Personal Information Act 4 of 2013 (POPIA) is the comprehensive data protection legislation enacted in South Africa.

POPIA aims to give effect to the constitutional right to privacy, whilst balancing this against competing rights and interests, particularly the right of access to information.

POPIA is outcomes-based. The Act introduces certain principles, obligations and processing conditions regarding the protection of personal information – which organisations must then apply in an appropriate and reasonable manner in their organisation, following the guidelines and measures in the Act and as provided by the Information Regulator.

The Protection of Personal Information Act 4 of 2013 aims:

  • to promote the protection of personal information processed by public and private bodies;
  • to introduce certain conditions so as to establish minimum requirements for the processing of personal information;
  • to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000;
  • to provide for the issuing of codes of conduct;
  • to provide for the rights of persons regarding unsolicited electronic communications and automated decision making;
  • to regulate the flow of personal information across the borders of the Republic; and
  • to provide for matters connected therewith.

POPIA is outcomes-based. The Act introduces certain principles, obligations and processing conditions regarding the protection of personal information – which organisations must then apply in an appropriate and reasonable manner in their organisation, following the guidelines and measures in the Act and as provided by the Information Regulator.

Back To Top