“If you think compliance is expensive,
try non-compliance.”
former U.S. Deputy Attorney General Paul McNulty
1) Promotion of Access to Information Act (PAIA)
In terms of the Constitution and PAIA, all people in South Africa, including non-nationals, can request information from public and private bodies.
Effective as from 1 January 2022, all Public and Private Bodies must have their PAIA Manuals available at their principal place of business and their official website (if any).
Access to information and the protection of certain types of personal information rights in South Africa are entrenched in the Constitution and are mainly regulated by the Promotion of Access to Information Act (PAIA) and the Protection of Personal Information Act (POPI).
2) Protection of Personal Information Act (POPIA).
The POPI Act applies to every business in South Africa (even international companies that does business in South Africa) that collects, uses, stores or destroy personal information from a data subject (the natural or legal entity to whom the information belongs), whether or not such processing is automatic.
ALL entities must be POPIA compliant – mandatory since 1 of July 2021 – or face harsh penalties.
“Failure to comply with certain provisions of POPIA may result in the Information Regulator (IR) imposing an administrative penalty of up to R10 million as of 1 July 2021 or to imprisonment for a period not exceeding 10 years, or to both a fine and such imprisonment.”
Businesses are thus compelled by law to compile, submit and streamline certain documents on an ongoing basis.
The Information Regulator