POPIA regulator clamps down on marketing practices

The Information Regulator has issued its first enforcement notice against a company for breaching the conditions of lawful processing of personal information, by virtue of direct marketing.

Employers and businesses should heed this action of the Regulator as a warning to not market their services outside the lawful parameters of the POPIA.

In an interesting development, the Regulator has decided that telemarketing amounts to ‘electronic communication’ and must be regulated in terms of the POPIA, which will hopefully, in future, ensure that ‘spam’ calling dies its long-awaited death.

The complainant lodged his/her complaint with the Regulator following countless direct marketing messages received by the contravening company. Regardless of the multiple attempts to ‘opt-out’ and requests to be removed from the company emailing list, the company blatantly ignored the pleas from the data subject and continued to send them marketing messages via email.

The Regulator instructed the company to stop sending unsolicited direct marketing messages by any means of electronic communication to which any data subject has not consented and further ordered the company to provide evidence of its compliance with these orders. In this case, the company has 90 days to comply with the instructions, and non-compliance will result in a fine of up to R10 million or imprisonment for up to ten years.

In addition to the Regulator clamping down on private companies and their failure to comply with POPIA, all eyes are now on South Africa’s Companies and Intellectual Property Commission (CIPC), that experienced a security breach in which certain personal information of their clients and CIPC employees was unlawfully accessed and exposed. Although the CIPC states that it is “taking every reasonable step to ensure that all CIPC systems and platforms are safe and protected from unauthorised and unlawful access”, only time will tell how the Regulator will address this concerning turn of events.


For assistance with your business’ POPIA compliance, please contact your regional NEASA office.