All our site documents here.
We have included all the legal documentation regarding this website. This website is based in South Africa where the POPIA is in force. As we want this to be a truly global website we try to, where possible, keep to all the laws pertaining to this Act within international boundaries. Please read below.
The Protection of Personal Information Act (POPIA) in South Africa is heavily modelled after international data protection standards, most notably the European Union’s General Data Protection Regulation (GDPR) – Michalsons
While POPIA is unique to South Africa, it has several international equivalents that govern data privacy in other jurisdictions: hgs
Primary International Equivalents
- EU/UK: General Data Protection Regulation (GDPR) and the UK GDPR are the closest equivalents, with similar requirements for data processing, consent, and rights.
- Canada: Personal Information Protection and Electronic Documents Act (PIPEDA).
- Brazil: General Data Protection Law (LGPD).
- USA (California): California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
- Australia: Privacy Act 1988.
- China: Personal Information Protection Law (PIPL).
- India: Digital Personal Data Protection Act (DPDP). RSM Global
Key Similarities to Global Standards (GDPR)
Like the GDPR, POPIA establishes:
- Core Principles: Accountability, processing limitation, purpose specification, and security safeguards.
- Roles: Defines “Responsible Party” (similar to Data Controller) and “Operator” (similar to Data Processor).
- Rights: Individuals have rights to access, correct, and delete their data.
- Data Protection: Requires strict conditions for transferring personal information to other countries.
SAFLII
Key Differences from Overseas Laws
While similar, POPIA has distinct differences from the GDPR:
- Juristic Persons: POPIA protects the data of both natural persons (living individuals) and “juristic persons” (companies, organizations), while GDPR generally only protects individuals.
- Breach Notification: POPIA requires notifying the Regulator of breaches “as soon as reasonably possible,” whereas GDPR specifies a 72-hour deadline.
- Criminal Liability: Non-compliance with POPIA can lead to up to 10 years in prison, which is not included in the GDPR. Data Guidance