New POPIA Regulations

The Information Regulator has made significant amendments to the Regulations issued under the Protection of Personal Information Act 4 of 2013 which are already in effect.

The changes contained in the new POPIA Regulations are summarised below:

Regulation 1

This makes provision for terminology changes which are not material in terms of compliance.

Regulation 2

Data subjects are provided with more options to enforce their rights with Responsible Parties. An amended Form 1 available from the Information Regulator’s website should be used by data subjects to exercise their rights.

Regulation 3

Responsible Parties now have 30 days to inform data subjects of the action taken regarding requests for the correction or deletion of their personal information. Form 2 or a similar form should be used for raising requests for personal information to be corrected or deleted by the Responsible Party.

Regulation 4

Information Officers are now required to continually improve the POPIA and PAIA Compliance Frameworks for their organsiations, as opposed to monitoring and maintaining them as required by the previous regulations.

Regulation 5

The definition of “private or public bodies” has been replaced with “relevant body/bodies”.

Regulation 6

Changes to obtaining consent for electronic direct marketing have been changed to include telephonic consent which must be recorded electronically. The opt-in and opt-out consent provision has now been removed. Form 4 available from the Information Regulator’s website should be used to obtain consent for electronic direct marketing.

Regulation 7

A data subject, or a person acting on their behalf, whose personal information has been interfered with may, submit a complaint to the Information Regulator using Form 5 available from the Information Regulator’s website, either the online form or the offline form, should be used submit a complaint.

Administrative Fines

A Responsible Party served with an infringement notice who is unable to pay the administrative fine in a lump sum, may make arrangements with the Regulator to pay the administrative fine in installments.

Link to Forms on the Information Regulator’s website

New POPIA Regulations Download Link.

Prepared by John Cato

IACT-Africa

27 May 2025

Please Contact Us for more information.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others