GDPR Article 1: Implications for POPIA 


Protection of natural persons and their right to privacy is enshrined in the Constitution. The Protection of Personal Information Act  (POPIA) is South Africa's Privacy law and introduces requirements for the processing of Personal Information.

Regulations to the Act are expected to be finalised in early 2018 and will provide detail regarding what organisations need to do in order to comply.

If a South African organisation conducts business with an EU organisation they need to understand the implications of the GDPR.  Any cross border flow of information to and from the EU should be considered.


The Protection of Personal Information Act (POPIA)  gives effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justifiable limitations.


The Protection of Personal Information Act (POPIA) includes provision for justifiable limitations including:

(i) balancing the right to privacy against other rights, particularly the right of access to information; and
(ii) protecting important interests, including the free flow of information within the Republic and across international borders