Skip to content

The Protection Of Personal Information Act


Certain sections of The Protection Of Personal Information Act 4 2013 have been enacted as of the 1St of July 2021, here are the basics of the act and how it will affect you.

Everyone is talking about The Protection Of Personal Information Act or P.O.P.I.A. that was made live yesterday on the 1st of July 2021. This is not a new concept, as the Act was first enacted in 2013, with the remaining portions of the Act taking effect yesterday.

There is a lot of information floating around about this act but what exactly does it include I hear you ask.

The aim of the Act according to the official Government website is:

  • To promote the protection of personal information processed by public and private bodies;
  • To introduce certain conditions so as to establish minimum requirements for the processing of personal information;
  • To provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000;
  • To provide for the issuing of codes of conduct;
  • To provide for the rights of persons regarding unsolicited electronic communications and automated decision making;
  • To regulate the flow of personal information across the borders of the Republic; and
  • To provide for matters connected therewith.

The section of the act that was enacted yesterday is the “PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)”.

Personal information must be treated as a valuable commodity, both in terms of how it is obtained and shared. section 12 of P.O.P.I.A. provides that information must be collected directly from the data subject unless it is contained in or derived from a public record or the data subject has made it public. Because of this, it has become very important that we as consumers be very cautious of what information we share online and on social media.

The purpose of the Act is to protect people from harm by safeguarding their personal information, maintaining their privacy, and preventing the theft of their money and identities.

This Act will affect all South-Africans and will protect people whose personal information is gathered and used in any manner, this essentially includes those individuals and businesses involved in the processing and use of personal data, such as banks, medical aids, Internet service providers, and telecommunications companies.

The Protection Of Personal Information Act

Noncompliance can result in reputational harm, fines, and imprisonment, as well as the payment of damages to data subjects. According to the Chairperson of the Information Regulator in South-Africa Pansy Tlakula the penalties can be as severe as a Ten Million Rand Fine or Ten years in Jail or both. Obviously, these punishments will be considered on a case-by-case basis, with the gravity of the offense determining the penalty sought.

The practical side of this Act can involve things that may seem trivial to you or I such as giving someone’s phone number to a third party without permission or adding someone to a Whatsapp group without that person’s consent etc.

This Act will give much-needed protection to South Africans when it comes to the selling and illegal use of their personal data and is a necessity in the current economic climate.

We hope this has provided an easy-to-understand explanation of the Act, but if you still have questions or wish to familiarize yourself with the complete Act, you can read the full explanation of the P.O.P.I.A. Act here.