The Protection of Personal Information Act (POPIA) is South Africa’s data protection law. It aims to monitor, protect and regulate the processing and flow of personal information within and outside organisations to ensure the legitimate use of personal data.
POPIA makes provision for individuals to request any data that organisations are storing that relates to them personally, withdraw consent to use such data, and effectively request its destruction.
POPIA was signed into law on 26 November 2013 and was made effective in July 2020. Organisations have been given a grace period until 1 July 2021 to put appropriate measures in place to comply with the regulations contained within POPIA.