The bulk of South Africa’s Protection of Personal Information Act (2013) became law on 1 July after a seven-year build up.
The long lead in was so that proposed innovations in the EU’s General Data Protection Regulation (GDPR) could be considered and to give the South Africa Information Regulator (SAIR) time to develop operational capabilities, according to lawyers in the country.
The act’s core aim is to promote protection of personal information processed by public and private bodies.
The 93 sections which took effect on 1 July cover stipulating the SAIR’s duties; how information is processed; codes of conduct; individuals’ rights related to direct marketing, directories and automated decision making; regulating flow of personal information abroad; and enforcement, penalties and fees.
Provisions for making amendments is scheduled to come into law on 30 June next year.