South Africa Protection of Personal Information Act.
South Africa's POPIA governs the processing of personal information, combining administrative fines with criminal penalties. It requires lawful processing conditions, information officer registration, and breach notification.
Maximum penalty
R10M or 10 years imprisonment
Source: POPIA Section 107
Key requirements
Lawful processing conditions (8 conditions)
Information Officer registration with Regulator
Breach notification to Regulator and data subjects
Cross-border transfer restrictions
+1 more requirements in the complete guide.
Get the full POPIA compliance guide →Enforcement examples
Department of Justice (SA)
Ransomware attack exposing personal information - first major POPIA enforcement test
Investigation
2021
How Tessera automates POPIA compliance
POPIA compliance monitoring
Information Regulator notification workflow
Cross-border transfer assessment
Data subject rights automation
POPIA compliance checklist
Essential steps to achieve and maintain POPIA compliance.
Register Information Officer with Regulator
Ensure 8 lawful processing conditions met
Implement breach notification procedures
+2 more steps in the full checklist.
Get your complete POPIA compliance checklist - free →Industries affected
Calculate your POPIA exposure.
See exactly how POPIA penalties apply to your revenue and industry profile.