Legal updates and opinions
News / News
Enforcement notice issued to Dis-Chem due to contravention of POPIA
and Chiara Ferri, Candidate Attorney
The importance of compliance has once again been highlighted as the Information Regulator issued an Enforcement Notice to Dis-Chem Pharmacies Ltd (“Dis-Chem“) on 1 September 2023 for non-compliance with the Protection of Personal Information Act 4 of 2013 (“POPIA“).
The Information Regulator is casting their net wide when it’s come to investigating contraventions, whether it be against large, small, private or public companies and is cracking down on ensuring consumers’ information is safeguarded and lawfully processed.
The Information Regulator found that Dis-Chem failed to identify the risk of using weak passwords, failed to implement measures to monitor and detect unlawful access to their environment and that they hadn’t entered into any operator agreement with their third party service provider which would have, amongst other things outlined the process of reporting to Dis-Chem in the event of a security compromise.
The Information Regulator has ordered Dis-Chem to conduct a Personal Information Impact Assessment and to ensure that adequate measures and standards exist to comply with the conditions for the lawful processing of personal information. They have also been mandated to implement an adequate Incident Response Plan, involving strong access control measures, maintaining a vulnerability management programme, implementing strong access control measures and maintaining an Information Security Policy.
Dis-chem have been ordered to conclude written contracts with all operators who process personal information on its behalf and to develop, implement, monitor and maintain a compliance framework. Failure to comply with such obligations will result in an administrative fine or result in a conviction of imprisonment or both.
A breach of this nature, and the finding as to the lack of safeguards in place should come as a shock for an organisation of this size and an organisation which holds such a vast quantity of data. One would expect that all prominent companies in South Africa would have conducted an impact assessment and would give credence to their responsibilities in protecting their customers’ data. The Information Regulators guidance to Information Officers is clear. Understanding the privacy landscape together with rights, obligations and duties are not negotiable. A robust privacy programme empowers companies to demonstrate that they reasonably comply with the obligations as stipulate in POPIA.
The Werksmans regulatory team has developed electronic tools and a sound methodology which aim to assist with impact assessments and the implementation of a compliance road-map. Compliance with POPIA is not a template that is downloaded and copied. A clear understanding of the legislation is paramount.
Click below to access Ahmore Burger-Smidt’s latest publication:

Latest News
There’s a new merger sheriff on the continent: Navigating the East African Community’s pending merger notification regime
by Pieter Steyn - Director and Raisah Mahomed - Associate On 1 July 2025 the East African Community Competition Authority [...]
Employers’ beware: not every positive test warrants a dismissal, even where a zero tolerance policy is in place
by Andre van Heerden, Director and Hannah Fowler, Candidate Attorney When it comes to workplace policies on alcohol and drugs, [...]
Are all parents created equal: The Constitutional Court confirms the invalidity of legislation relating to forms of parental leave
by Kerry Fredericks - Director, Thembelihle Tshabalala - Associate and Gracie Sargood - Candidate Attorney In the recent highly [...]
Bafana Bafana’s World Cup qualification hanging by a thread
by Brendan Olivier, Director and Daniel Gewer, Candidate Attorney Bafana Bafana's prospects of taking to the field at next year's [...]
ESG, the key to sustaining the construction sector?
by Justin Duarte, Candidate Attorney, reviewed by Natalie Scott, Director and Head of Sustainability and Jennifer Smit, Director and Head [...]
SME cashflow threats: ensuring that your security offers a protection against payment default
by Brendan Olivier, Director It's becoming all-too-common: an SME that provides goods and services on credit to a major supplier [...]
