Employee Data Privacy | South Africa

South Africa - Fines and Penalties

What are the penalties for noncompliance with any applicable data protection laws?

Noncompliance with data privacy laws and data breaches may lead to sanctions, fines, and penalties. The amounts are usually calculated according to the risk to which personal rights were exposed and the preventive measures taken by the data controllers, processors and sub-processors in relation to their respective role in the chain of personal data processing.

Penalties, including fines (of up to ZAR 10 million) and imprisonment of up to 10 years can be imposed for offences related to South Africa’s Protection of Personal Information Act, 2013 (Sec. 107)("POPI"). Fines are determined based on a number of factors including:

the nature of personal information involved;
the duration and extent of any offences;
the number of individuals who may be impacted;
whether the offence is an issue of public importance;
the likelihood of substantial damage/distress;
whether the employer could have prevented the offense;
the failure to conduct risk assessments and follow good practices/policies/procedures relating to protecting personal information; and,
whether it’s a repeat offence (POPI, Sec. 109(3)).

HR Best Practices: Before processing personal data, make sure to be in line the security measures necessary to ensure data security within your organization. Furthermore, ensure all data processors have data breach response plans in place.

UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk