Personal data protection

Threats to individual privacy are greater now than ever envisaged, even by an Aldous Huxley or George Orwell. Privacy is most often seen as a fundamental personal right deserving protection either as part of human dignity or, if not subsumed under dignity, nevertheless warranting independent protection.

The state is required to respect, protect, promote and fulfil the rights in the Bill of Rights (section 7(2) of the Constitution). The right to privacy is constitutionally entrenched in the South African Bill of Rights in section 14 of the Constitution. There are various pieces of legislation that implicate the right to privacy. Of particular importance is the Protection of Personal Information Act 4 of 2013 (POPIA), which deals with data protection. POPIA was signed into law on November 19, 2013 and parts of the law became effective on April 11, 2014. The rest of the law has now, on 1 July 2021, finally come into full force through the establishment of the Information Regulator.


POPIA gives the Information Regulator teeth – it has extensive powers to investigate and fine responsible parties. Data subjects will be able to complain to the Information Regulator and the Regulator will be able to take action on behalf of data subjects. The Information Regulator is mandated to regulate and enforce compliance with both POPIA and the Promotion of Access to Information Act, 2 of 2000 (PAIA).


PAIA, on the other hand, refers to another constitutional right: the right of access to information, particularly when such information is required for the exercise or protection of any rights. PAIA aims to foster a culture of transparency and accountability in public and private bodies by giving effect to the right of access to information.

POPIA and PAIA, read together, give effect to the constitutional right to privacy whilst also including justifiable limitations that are aimed at balancing the right to privacy against the right of access to information.


Smaller private companies have, until now, been exempted from the requirement to compile a PAIA manual; however, as from 1 July 2021, all public and private companies are expected to comply with the provisions of both PAIA and POPIA. Failure to comply can result in heavy fines or imprisonment or both.
