Legal updates and opinions
News / News
Long road to data protection
On 14 December 2018, the Regulations relating to the Protection of Personal Information were finally published by the Information Regulator (“Regulator“) under section 112(2) of the Protection of Personal Information Act, Act 4 of 2013. These Regulations shall commence on a date to be determined by the Regulator by Proclamation in the Government Gazette.
WHAT YOU NEED TO KNOW
The Regulations provide for various forms to be completed when a data subject wants to:
- object to the processing of their personal information;
- request the correction, deletion or destruction of their personal information; and
- lodge a complaint with the Regulator.
More importantly and for immediate action, companies must take note of and implement, the additional responsibilities of the Information Officer to ensure that:
“(a) a compliance framework is developed, implemented, monitored and maintained;
(b) a personal information impact assessment is done to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information;
(c) a manual is developed, monitored, maintained and made available as prescribed in sections 14 and 51 of the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000);
(d) internal measures are developed together with adequate systems to process requests for information or access thereto; and
(e) internal awareness sessions are conducted regarding the provisions of the Act, regulations made in terms of the Act, codes of conduct, or information obtained from the Regulator.”
Furthermore, the Regulations provide for forms setting out the necessary information required in terms of which the Regulator will exercise its duties.
The publication is a clear step in the direction of the Regulator commencing official duties early in 2019.
As a country, we are soon to embark on an interesting road where the privacy of individuals and specifically data privacy will have to be considered in detail in all business activities.
Latest News
Misuse of the business rescue process – failure before it begins
by Dr. Eric Levenstein, Director and Head of Insolvency & Business Rescue and Amy Mackechnie, Senior Associate Business rescue was introduced [...]
Constitutional Court clarifies rights of innocent contractors under invalid state contracts
by Sarah Moerane, Director and Kuhle Joja, Associate In Minister of Defence and Military Veterans v Zeal Health Innovations (Pty) [...]
Untangling the mischief of section 43 of the Electronic Communications Act: A missed opportunity in the Amendment Bill
by Corlett Manaka, Director and Head of Disputes, Akhona Bilatyi, Director and Koketso Rapoo, Senior Associate On 12 March 2026, [...]
A charge by any other name would smell as sweet
by Bradley Workman-Davies, Director The Labour Appeal Court's judgment in Machi v Chep SA (Pty) Ltd and Others serves as [...]
When a misdirected email becomes a data breach: The Information Regulator issues an enforcement notice on internal and accidental security compromises
by Armand Swart, Director, Hlonelwa Lutuli, Associate and Isabella Keeves, Candidate Attorney On 22 May 2026, South Africa’s Information Regulator [...]
Renting out your home? The Consumer Protection Act does not apply to you says Supreme Court of Appeal
by Armand Swart, Director In the judgment of Els v Venter and Another (449/2024) [2025] ZASCA 163 (27 October 2025), [...]
