South Africa is following the GDPR quite closely.  By implementing according to the GDPR, organisations should be comfortable that they are largely compliant with the Protection of Personal Information Act.  It will still require tailoring to our specific requirements, but GDPR forms a great starting point.

Click on the item below to see the details

  • Article 1 – Subject-matter and objectives-Actions

     GDPR Article 1: Actions to take


    Understand the POPI Act, the Regulations when completed, and take every action to comply to the Act. 

    Follow our list of POPI Act compliance actions which will be updated on a regular basis.

    Subscribe to our newsletter and update database  



  • Article 1 – Subject-matter and objectives-POPIA implications

    GDPR Article 1: Implications for POPIA 


    Protection of natural persons and their right to privacy is enshrined in the Constitution. The Protection of Personal Information Act  (POPIA) is South Africa's Privacy law and introduces requirements for the processing of Personal Information.

    Regulations to the Act are expected to be finalised in early 2018 and will provide detail regarding what organisations need to do in order to comply.

    If a South African organisation conducts business with an EU organisation they need to understand the implications of the GDPR.  Any cross border flow of information to and from the EU should be considered.


    The Protection of Personal Information Act (POPIA)  gives effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justifiable limitations.


    The Protection of Personal Information Act (POPIA) includes provision for justifiable limitations including:

    (i) balancing the right to privacy against other rights, particularly the right of access to information; and
    (ii) protecting important interests, including the free flow of information within the Republic and across international borders  

  • Article 1 – Subject-matter and objectives-GDPR

     GDPR Article 1: Rules relating to the protection of natural persons information

    This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

    This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

    The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.