POPIA defines a number of different persons who may either, in the circumstances, be involved in and/or responsible for the processing and protection of personal data or alternatively, are the persons to whom such personal data relates. Amongst these persons defined is the 'operator' (equivalent to 'data processor' under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')). In this article we provide a high-level overview of the role of an operator, how the position compares to the role of the 'responsible party' (equivalent to a 'data controller' under the GDPR), and what organisations should practically be considering when it comes to implementing compliance measures which this role may involve.

POPIA's provisions regulate direct marketing by electronic means and in essence, require that an opt-in consent be obtained prior to a data subject's personal data being processed for direct marketing purposes. But what does this all mean and can an organisation still continue to use direct marketing methods to potentially generate business?

As lockdown regulations ease and more businesses begin to open their doors, here are some key points to consider regarding the collection and use...

The Information Regulator published a Guidance Note on 3 April 2020 to assist organisations in their processing of personal information in the...

The coronavirus (COVID-19) pandemic has gripped the world and South Africa has been no exception. President Cyril Ramaphosa announced on 23 March...

Adv. Pansy Tlakula, chairperson of the Information Regulator, has requested President Cyril Ramaphosa to announce 1 April 2020 as the...

On 14 December 2018 the Regulations Relating to the Protection of Personal Information 2018 (POPI Regulations) were published by the Information...

What everyone in South Africa must learn from the privacy debacle. It was with a bit of irony that Facebook users all over the world reacted with...