The long-awaited Protection of Personal Information Act, POPI is finally here

New privacy law to help bring the SA’s laws on par with international standards becomes effective.



Today, South Africans wake up to a somewhat different personal privacy landscape than the one they had left behind yesterday. As of today, the long-awaited Protection of Personal Information Act, or POPIA, becomes effective after being years in the making. Though a win for consumers repeatedly bombarded with direct marketing calls, it is an undeniable source of anxiety for corporations that have to put in place new measures to avoid possibly receiving harsh fines of up to R10-million, or even jail time. First enacted in 2013, the Act is intended to usher a new era of personal privacy and bring the country’s privacy laws on par with international standards as more social and economic activities increasingly happen online.


With SA said to have the third-highest number of cyberattacks, the law seems to be a necessary evil, as it joins a growing list of countries implementing similar laws. According to the UNCTAD, 128 out of 194 countries across the world had also put in place legislations to secure the protection of data and privacy. Among all the laws, the European Union’s General Data Protection Regulations (GDPR), introduced back in 2018, is seen as the new golden standard among data protection laws, and has influenced the thinking around many other parts of the world. Worryingly, Africa, similar to Asia, is still lacking behind with rolling out similar laws, with just over half of the continent’s countries having adopted such legislations.