Skip to content
POPIA
Protection of Personal Information Act
Menu and widgets
ACT Summary and Preamble
Chapter 1 Definitions and Purpose
Section 1 Definitions
Section 2 Purpose of Act
Chapter 2 Application Provisions
Section 3 Application and interpretation of Act
Section 4 Lawful processing of personal information
Section 5 Rights of data subjects
Section 6 Exclusions
Section 7 Exclusion for journalistic, literary or artistic purposes
Chapter 3 Conditions for Lawful Processing
Part A Processing of personal information in general
Condition 1 Accountability
Section 8 Responsible party to ensure conditions for lawful processing
Condition 2 Processing limitation
Section 9 Lawfulness of processing
Section 10 Minimality
Section 11 Consent, justification and objection
Section 12 Collection directly from data subject
Condition 3 Purpose specification
Section 13 Collection for specific purpose
Section 14 Retention and restriction of records
Condition 4 Further processing limitation
Section 15 Further processing to be compatible with purpose of collection
Condition 5 Information quality
Section 16 Quality of information
Condition 6 Openness
Section 17 Documentation
Section 18 Notification to data subject when collecting personal information
Condition 7 Security safeguards
Section 19 Security measures on integrity and confidentiality of personal information
Section 20 Information processed by operator or person acting under authority
Section 21 Security measures regarding information processed by operator
Section 22 Notification of security compromises
Condition 8 Data subject participation
Section 23 Access to personal information
Section 24 Correction of personal information
Section 25 Manner of access
Part B Processing of special personal information
Section 26 Prohibition on processing of special personal information
Section 27 General authorisation concerning special personal information
Section 28 Authorisation concerning data subject’s religious or philosophical beliefs
Section 29 Authorisation concerning data subject’s race or ethnic origin
Section 30 Authorisation concerning data subject’s trade union membership
Section 31 Authorisation concerning data subject’s political persuasion
Section 32 Authorisation concerning data subject’s health or sex life
Section 33 Authorisation concerning data subject’s criminal behaviour or biometric information
Part C Processing of personal information of children
Section 34 Prohibition on processing personal information of children
Section 35 General authorisation concerning personal information of children
Chapter 4 Exemption from Conditions
Section 36 General
Section 37 Regulator may exempt processing of personal information
Section 38 Exemption in respect of certain functions
Chapter 5 Supervision
Part A Information Regulator
Section 39 Establishment of Information Regulator
Section 40 Powers, duties and functions of Regulator
Section 41 Appointment, term of office and removal of members of Regulator
Section 42 Vacancies
Section 43 Powers, duties and functions of Chairperson and other members
Section 44 Regulator to have regard to certain matters
Section 45 Conflict of interest
Section 46 Remuneration, allowances, benefits and privileges of members
Section 47 Staff
Section 48 Powers, duties and functions of chief executive officer
Section 49 Committees of Regulator
Section 50 Establishment of Enforcement Committee
Section 51 Meetings of Regulator
Section 52 Funds
Section 53 Protection of Regulator
Section 54 Duty of confidentiality
Part B Information Officer
Section 55 Duties and responsibilities of Information Officer
Section 56 Designation and delegation of deputy information officers
Chapter 6 Prior Authorisation
Section 57 Processing subject to prior authorisation
Section 58 Responsible party to notify Regulator if processing is subject to prior authorisation
Section 59 Failure to notify processing subject to prior authorisation
Chapter 7 Codes of Conduct
Section 60 Issuing of codes of conduct
Section 61 Process for issuing codes of conduct
Section 62 Notification, availability and commencement of code of conduct
Section 63 Procedure for dealing with complaints
Section 64 Amendment and revocation of codes of conduct
Section 65 Guidelines about codes of conduct
Section 66 Register of approved codes of conduct
Section 67 Review of operation of approved code of conduct
Section 68 Effect of failure to comply with code of conduct
Chapter 8 Direct Marketing, Directories and Automated Decision Making
Section 69 Direct marketing by means of unsolicited electronic communications
Section 70 Directories
Section 71 Automated decision making
Chapter 9 Transborder Information Flows
Section 72 Transfers of personal information outside Republic
Chapter 10 Enforcement
Section 73 Interference with protection of personal information of data subject
Section 74 Complaints
Section 75 Mode of complaints to Regulator
Section 76 Action on receipt of complaint
Section 77 Regulator may decide to take no action on complaint
Section 78 Referral of complaint to regulatory body
Section 79 Pre-investigation proceedings of Regulator
Section 80 Settlement of complaints
Section 81 Investigation proceedings of Regulator
Section 82 Issue of warrants
Section 83 Requirements for issuing of warrant
Section 84 Execution of warrants
Section 85 Matters exempt from search and seizure
Section 86 Communication between legal adviser and client exempt
Section 87 Objection to search and seizure
Section 88 Return of warrants
Section 89 Assessment
Section 90 Information notice
Section 91 Parties to be informed of result of assessment
Section 92 Matters referred to Enforcement Committee
Section 93 Functions of Enforcement Committee
Section 94 Parties to be informed of developments during and result of investigation
Section 95 Enforcement notice
Section 96 Cancellation of enforcement notice
Section 97 Right of appeal
Section 98 Consideration of appeal
Section 99 Civil remedies
Chapter 11 Offences, Penalties and Administrative Fines
Section 100 Obstruction of Regulator
Section 101 Breach of confidentiality
Section 102 Obstruction of execution of warrant
Section 103 Failure to comply with enforcement or information notices
Section 104 Offences by witnesses
Section 105 Unlawful acts by responsible party in connection with account number
Section 106 Unlawful acts by third parties in connection with account number
Section 107 Penalties
Section 108 Magistrate’s Court jurisdiction to impose penalties
Section 109 Administrative fines
Chapter 12 General Provisions
Section 110 Amendment of laws
Section 111 Fees
Section 112 Regulations
Section 113 Procedure for making regulations
Section 114 Transitional arrangements
Section 115 Short title and commencement
Chapter 1
Definitions and Purpose
Section 1 Definitions
Section 2 Purpose of the Act