Latest Articles

On 25 May 2018, the EU’s new General Data Protection Regulation (GDPR) will come into force. While the regulations are aimed at protecting EU citizens and residents, its reach will be global and will impact on certain businesses operating in South Africa. The GDPR replaces the Data Protection Directive and is far-reaching, imposing additional obligations on organisations processing personal data of individuals in the EU. The protection not only extends to EU-residents, but all individuals…
The South African Reserve Bank (SARB) has established a Financial Technology (Fintech) programme to assess the emergence of technological innovations in the financial sector and consider their regulatory implications. In a statement issued on 13 February 2018, the SARB stated that it ‘takes a balanced approach to technological innovations, considering the potential benefits and risks of each innovation’. The programme has three main objectives, all aimed at assisting ‘in the formulation of appropriate policy frameworks…
Although the Information Regulator is not yet fully operational, it has already received numerous complaints relating to the unlawful processing of personal information under the Protection of Personal Information Act 2013 (POPI). POPI itself is not yet fully in force. We are currently awaiting publication of a revised draft of the regulations following the closure of public comments in November 2017. See our previous post for more information. At a press briefing in September 2017,…
The Department of Justice and Constitutional Development has published responses to the public comments received on the Cybercrimes and Cybersecurity Bill, which was tabled in parliament in February 2017. The lengthy responses are available here. See our previous post on the major changes to the original draft published for public comment in August 2015. Several further amendments to the Bill are proposed, including: Revisions to the offences of unlawful access to data, incitement…
The Information Regulator published draft regulations under the Protection of Personal Information Act 2013 (POPI) for public comment by 7 November 2017. The regulations cover various procedural items, including: the manner of objecting to the processing of personal information; requests for correction or deletion of personal information; the application form for industry codes of conduct; requests for a data subject’s consent to electronic direct marketing; submitting complaints or grievances; and the proceedings during investigations and…
The South African Information Regulator published draft regulations under the Protection of Personal Information Act 2013 (POPI) for public comment by 7 November 2017. The regulations cover various procedural items, including: the manner of objecting to the processing of personal information; requests for correction or deletion of personal information; the application form for industry codes of conduct; requests for a data subject’s consent to electronic direct marketing; submitting complaints or grievances; and the proceedings during…