Accelerate compliance with South Africa’s privacy regulations

The law applies to “responsible parties” (data controllers) that are either based in South Africa, or international entities that processes data using means within the country. 

The law requires responsible parties and processors to limit data processing and collection to its specific purpose, obtain consent before collection, and inform individuals that their sensitive data was collected. The organization must ensure that the collected data is accurate, facilitate data subject participation in the editing and deletion of their data, and is protected under appropriate security safeguards.  The law also requires organizations to appoint information officers to oversee compliance and register them with the Information Regulator that oversees the law’s enforcement. In the event of a data breach, organizations must inform the affected data subject, the Regulator, and other organizations as soon as possible. 

OneTrust operationalizes POPIA requirements and provides the tools you need in a single place. Automate data subject rights requests by deploying POPIA-compliant web forms, centralize and update policies and codes of conduct, track consent across systems, and streamline incident response. You can also keep up to date with the law’s amendments with a regulatory database built by legal experts.