Legal updates and opinions
News / News
POPIA, Employment Contracts and Policies and Procedures
by Ahmore Burger-Smidt, Director and Head of the Data Privacy Practice; Jacques van Wyk, Director, Labour & Employment Practice; and Bradley Workman-Davies, Director, Labour & Employment Practice
With effect of 1 July 2020 a number of material provisions of the Protection of Personal Information Act 2013 (“POPIA”) will come into operation. As more fully detailed in a recent Werksmans’ Update, a number of these provisions impose substantive obligations on businesses (including employers) regarding the processing of personal information.
Positive obligations are placed on employers to, among others, ensure that they comply with the provisions of POPIA regarding the processing of their employees’, customers’ and service providers’ information. It is also important that their employees are equally aware of, and comply with, these obligations when processing any such information on behalf of the employer.
Employers will have 12 months, from 1 July 2020, to ensure that such measures are in place.
It is important that adequate provisions be inserted into contracts of employment and that workplace policies and procedures are implemented to ensure compliance with POPIA. These should include:
(a) The designation of an information officer;
(b) Procedures ensuring information is processed in a lawful manner;
(c) Ensuring that the processing of personal information is done in accordance with the eight conditions provided for in the legislation;
(d) Obtaining consent from employees for the processing of their personal information;
(e) Providing training and information to human resources practitioners as well as employees in order to ensure that information is processed lawfully and that employees, as ‘data subject’s , are aware of their rights;
(f) Putting in place measures to ensure the processing of ‘special personal information’ is lawful;Dealing with any cross-border processing of information; and
(g) Implementing procedures to address and deal with any complaints from, among others, employees regarding the processing of their personal information;
We are able to assist with preparation and/or reviewing of abovementioned and to advise on all aspects of POPIA.
Latest News
Out with the Old: South Africa’s Proposed Overhaul of Exchange Controls and the Inclusion of Crypto Assets
by Janice Geel, Associate and Azraa Sidat, Candidate Attorney, reviewed by Natalie Scott, Director and Head of Sustainability On 17 [...]
Do not call me I’ll call you …… South Africa’s 2026 CPA Amendment Regulations: operationalising the national opt‑out regime for direct marketing and shifting day‑to‑day anti‑spam responsibility to the National Consumer Commission
by Ahmore Burger-Smidt, Director and Head of Regulatory The Consumer Protection Act Amendment Regulations, 2026 deliver the long‑awaited operational framework [...]
Business Rescue Applications Under Scrutiny: business rescue orders are not there for the taking!
by Eric Levenstein, Director and Head Insolvency & Business Rescue and Amy Mackechnie, Senior Associate This article considers the recent decision in [...]
The AI Arms Race and what it means for Competition Law: A new era or new focus
by Ahmore Burger-Smidt, Director and Head of Regulatory We are not in the habit of writing breathless technology briefings. That [...]
The AI Governance Stack and South Africa’s Draft National AI Policy: An Operational Gap in Search of a Framework
by Ahmore Burger-Smidt, Director and Head of Regulatory Author's Note I am presently reading Noah M Kenney's Governing Intelligence: Law, [...]
Speak now or forever hold your peace. The draft AI policy has been published and parties have 60 days to comment
by Ahmore Burger-Smidt, Director and Head of Regulatory On 10 April 2026, South Africa's Department of Communications and Digital Technologies [...]
