Employee Data Privacy

South Africa - Breach Notification

 Download as a PDF

Are there any data breach notification requirements? 


A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Local data protection regulations have required data controllers to report such breaches in certain circumstances. 

markus-spiske-303121In cases where there’s reason to believe that an employee’s (or other data subject’s) personal information has been accessed or acquired by someone without authorization, employers must notify South Africa’s Regulator (The Protection of Personal Information Act, 2013, Sec. 22(1))(“POPI”). Impacted individuals must also be informed as soon as reasonably possible unless the identity of the individual whose information has been compromised can’t be established.

Notification to impacted individuals may be legitimately delayed if required by law enforcement, a public body, or the Regulator conducting a criminal investigation. Employees whose data has been compromised must be notified by writing through:

  • mail or email to the data subject’s last known address;
  • posting a notification in a prominent position on the employer’s website;
  • publishing in the news media; and/or
  • as required by the Regulator.

The notice must include information to allow the individual to take measures to protect themselves against the risks associated with the breach, including:

  • a description of the possible consequences to the individual;
  • the measures the employer intends to take or has taken to remediate the potential consequences of the breach;
  • recommendations of steps the individual can take to mitigate the potential effects of the breach; and,
  • the identity of the unauthorized person who may have access/acquired their personal information (when possible).


Ultimate Software's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where Ultimate Software's customers have employees. HR Compliance Assist is a service exclusively available to Ultimate Software customers.

Share Your Feedback

Let's Talk