South Africa: The development of codes of conduct under POPIA

South Africa: The development of codes of conduct under POPIA

The Protection of Personal Information Act 4 of 2013 (POPIA) provides for the issuing of Codes of Conduct to apply to a specific sector, industry, body or class of persons when it comes to measures enabling such group of persons implementing suitable measures to comply with its provisions. The article provides an overview of what Codes of Conduct are, when codes may apply and what potential benefits codes of conduct may have if developed.

The Role and Liability of an Operator under POPIA

The Role and Liability of an Operator under POPIA

POPIA defines a number of different persons who may either, in the circumstances, be involved in and/or responsible for the processing and protection of personal data or alternatively, are the persons to whom such personal data relates. Amongst these persons defined is the 'operator' (equivalent to 'data processor' under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')). In this article we provide a high-level overview of the role of an operator, how the position compares to the role of the 'responsible party' (equivalent to a 'data controller' under the GDPR), and what organisations should practically be considering when it comes to implementing compliance measures which this role may involve.