Welcome to the Protection of Personal Information Act (often called the POPI Act or POPIA) in the form of a website so everyone can access it quickly on all devices. It is so much better than a POPI Act pdf. You can also link to (or share) a specific section. We hope it empowers you and you find it helpful. This is POPIA (or the POPI Act) as enacted by the South African Parliament, but we have reformatted it in the form of a website. The English text was signed by the President. We disclaim all liability. The commencement date of POPIA Parliament assented to POPIA on 19 November 2013. The commencement date of section 1, Part A of Chapter 5, section 112 and section 113 is 11 April 2014. The commencement date of the other sections is 1 July 2020 (with the exception of section 110 and 114(4). The President of South Africa has proclaimed the POPI commencement date to be 1 July 2020.
To promote the protection of personal information processed by public and private bodies; to introduce certain conditions so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000; to provide for the issuing of codes of conduct; to provide for the rights of persons regarding unsolicited electronic communications and automated decision making; to regulate the flow of personal information across the borders of the Republic; and to provide for matters connected therewith.
PREAMBLERECOGNISING THAT—
section 14 of the Constitution of the Republic of South Africa, 1996, provides that everyone has the right to privacy;
the right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information;
the State must respect, protect, promote and fulfil the rights in the Bill of Rights;
AND BEARING IN MIND THAT—consonant with the constitutional values of democracy and openness, the need for economic and social progress, within the framework of the information society, requires the removal of unnecessary impediments to the free flow of information, including personal information;
AND IN ORDER TO—regulate, in harmony with international standards, the processing of personal information by public and private bodies in a manner that gives effect to the right to privacy subject to justifiable limitations that are aimed at protecting other rights and important interests,
PARLIAMENT of the Republic of South Africa therefore enacts, as follows:—
ACT summary and Preamble
Chapter 1 - Definitions and Purposes
Section 1 - Definitions
Section 2 – Purposes
Chapter 2 - Applications Provisions
Section 3 - Application and interpretation of Act
Section 4 - Lawful processing of personal
information
Section 5 - Rights to Data subjects
Section 6 - Exclusions
Section 7 - Exclusions for journalistic,
literary or artistic purposes
Chapter 3 - Conditions for lawful processing
Part A - Processing of personal information in general
Condition 1 - Accountability
Section 8 – Responsible party to ensure
conditions for lawful processing
Condition 2 - Processing Limitation
Section 9 – lawfulness of processing
Section 10 - Minimality
Section 11 – Consent, justification and
objection
Section 12 – Collection directly from data
subject
Condition 3 - Purpose specification
Section 13 – Collection for specific purpose
Section 14 – Retention and restriction of
records
Condition 4 - Further processing limitation
Section 15 – Further processing to be compatible
with purpose of collection
Condition 5 - information quality
Section 16 – Quality of information
Condition 6 - Openness
Section 17 - Documentation
Section 18 – Notification to data subject when
collecting personal information
Condition 7 - Security safeguards
Section
19 - Security measures on integrity and confidentiality of personal information
Section 20 - Information processed by operator
or person acting under authority
Section 21 - Security measures regarding
information processed by operator
Section 22 - Notification of security
compromises
Condition 8 - Data subject participation
Section 23 – Access to personal information
Section 24 – Correction of personal information
Section 25 – Manner of access
Part B - Processing of special personal information
Section 26 - Prohibition on processing of special
personal information
Section 27 - General authorisation concerning
special personal information
Section 28 - Authorisation concerning data
subject’s religious or philosophical beliefs
Section 29 - Authorisation concerning data
subject’s race or ethnic origin
Section 30 - Authorisation concerning data
subject’s trade union membership
Section 31 - Authorisation concerning data
subject’s political persuasion
Section 32 - Authorisation concerning data
subject’s health or sex life
Section 33 - Authorisation concerning data
subject’s criminal behaviour or biometric information
Part C - Processing of personal information of children
Section 34 - Prohibition on processing personal
information of children
Section 35 - General authorisation concerning
personal information of children
Chapter 4 – Exemption from conditions
Section 36 - General
Section 37 - Regulator may exempt processing of
personal information
Section 38 - Exemption in respect of certain
functions
Chapter 5 - Supervision
Part A – Information Regulator
Section 39 - Establishment of
Information Regulator
Section 40 - Powers, duties and functions of
Regulator
Section 41 - Appointment, term of office and
removal of members of Regulator
Section 42 - Vacancies
Section 43 - Powers, duties and functions of
Chairperson and other members
Section 44 - Regulator to have regard to certain
matters
Section 45 - Conflict of interest
Section 46 - Remuneration, allowances, benefits
and privileges of members
Section 47 - Staff
Section 48 - Powers, duties and functions of
chief executive officer
Section 49 - Committees of Regulator
Section 50 - Establishment of
Enforcement Committee
Section 51 - Meetings of Regulator
Section 52 - Funds
Section 53 - Protection of Regulator
Section 54 - Duty of confidentiality
Part B – Information Officer
Section 55 - Duties and
responsibilities of Information Officer
Section 56 - Designation and delegation of
deputy information officers
Chapter 6 – Prior Authorisation
Section 57 - Processing subject to
prior authorisation
Section 58 - Responsible party to notify
Regulator if processing is subject to prior authorisation
Section 59 - Failure to notify
processing subject to prior authorisation
Chapter 7 – Codes of Conduct
Section 60 - Issuing of codes of
conduct
Section 61 - Process for issuing codes of
conduct
Section 62 - Notification, availability and
commencement of code of conduct
Section 63 - Procedure for dealing
with complaints
Section 64 - Amendment and revocation of codes
of conduct
Section 65 - Guidelines about codes of conduct
Section 66 - Register of approved codes of
conduct
Section 67 - Review of operation of approved
code of conduct
Section 68 - Effect of failure to comply with
code of conduct
Chapter 8 - Direct Marketing, Directories and Automated Decision Making
Section 69 - Direct marketing by
means of unsolicited electronic communications
Section 70 - Directories
Section 71 - Automated decision
making
Chapter 9 - Transborder Information Flows
Section 72 - Transfers of personal
information outside Republic
Chapter 10 - Enforcement
Section 73 - Interference with
protection of personal information of data subject
Section 74 - Complaints
Section 75 - Mode of complaints to Regulator
Section 76 - Action on receipt of
complaint
Section 77 - Regulator may decide to take no
action on complaint
Section 78 - Referral of complaint to regulatory
body
Section 79 - Pre-investigation proceedings of
Regulator
Section 80 - Settlement of complaints
Section 81 - Investigation proceedings of
Regulator
Section 82 - Issue of warrants
Section 83 - Requirements for issuing of warrant
Section 84 - Execution of warrants
Section 85 - Matters exempt from search and
seizure
Section 86 - Communication between legal adviser
and client exempt
Section 87 - Objection to search and seizure
Section 88 - Return of warrants
Section 89 - Assessment
Section 90 - Information notice
Section 91 - Parties to be informed of result of
assessment
Section 92 - Matters referred to Enforcement
Committee
Section 93 - Functions of Enforcement Committee
Section 94 - Parties to be informed of
developments during and result of investigation
Section 95 - Enforcement notice
Section 96 - Cancellation of enforcement notice
Section 97 - Right of appeal
Section 98 - Consideration of appeal
Section 99 - Civil remedies
Chapter 11 - Offences, Penalties and Administrative Fines
Section 100 - Obstruction of
Regulator
Section 101 - Breach of confidentiality
Section 102 - Obstruction of execution of
warrant
Section 103 - Failure to comply with enforcement
or information notices
Section 104 - Offences by witnesses
Section 105 - Unlawful acts by responsible party
in connection with account number
Section 106 - Unlawful acts by third parties in
connection with account number
Section 107 - Penalties
Section 108 - Magistrate’s Court jurisdiction to
impose penalties
Section 109 - Administrative fines
Chapter 12 - General Provisions
Section 110 - Amendment of laws
Section 111 - Fees
Section 112 - Regulations
Section 113 - Procedure for making regulations
Section 114 - Transitional arrangements
Section 115 - Short title and commencement