Data privacy laws have become more prominent in recent years. As the amount of personal information available online has grown substantially, there has been an enhanced focus on the processing of personal data, as well as the enforcement of such laws.
South Africa’s Constitution sets the foundation for privacy in the country, giving everyone the right to privacy, including “the right not to have…the privacy of their communications infringed” (Sec. 14). The Protection of Personal Information Act, 2013 (POPI) regulates and sets the standard that public and private bodies must follow. Under POPI, employers (and other data processors) must follow certain parameters to process personal data, including:
Under POPI, processing sensitive personal information may require the consent of the employee. Sensitive personal information includes information concerning: religious/philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information, and/or criminal behavior.
In addition, Regulations Relating to the Protection of Personal Information were published in December 2018. These Regulations further define the requirements outlined in POPI.
____________________________________
The current authority responsible for enforcement of data privacy law and regulations in South Africa is the:
Information Regulator (South Africa)
http://www.justice.gov.za/inforeg/