POPIA: Information Regulator bares its teeth

On 29 June 2022, the Information Regulator hosted a media breakfast briefing, in which it, in no subtle terms, warned businesses and individuals (responsible parties) who are currently contravening the Protection of Personal Information Act (POPIA) that it will conduct its own-initiative investigations and said that transgressors should “not allow yourself (sic) to be the first example of the regulator’s bite”.

Due to the prevalence of security compromises, the Regulator has decided to establish a dedicated Security Compromise Unit, that will conduct extensive investigations or assessments into the security compromises suffered or experienced and issue reports with findings and recommendations. Some of the own-initiative assessments that the Regulator is conducting include WhatsApp, TransUnion and the Department of Justice and Constitutional Development.

The Regulator has, since July 2021, received and pre-investigated over 700 complaints from data subjects. Even though the majority of complaints were related to direct marketing by means of unsolicited electronic communication, once the Regulator investigates a complaint, it opens the door for further investigation into all of a company’s information processing activities. Should a company then be found not to adhere to every provision of POPIA, they may face the enforcement powers and/or penalties of the Regulator.

Companies who wish to avoid being found non-compliant with the Act can contact NEASA now on 012 332 5350 for POPIA compliance assistance services tailored to their business.

For more information:
NEASA Media Department
This email address is being protected from spambots. You need JavaScript enabled to view it.