Metatrans

POPIA

The part Lancet got wrong wasn't the breach. It was the hour after.

The Information Regulator’s R100,000 fine against Lancet Laboratories was for a paperwork failure, not the breach itself. On 5 May 2026 the Regulator announced sector-wide enforcement assessments for 2026/27 — and the part most businesses …

Read full article →

The Information Regulator's health focus: what businesses outside healthcare still need to do

The Information Regulator has named health a priority enforcement sector for 2026/27, and the March 2026 Regulations on Health Information explicitly bring employers into scope as responsible parties. Sick notes, EAP records, IOD paperwork, wellness …

Read full article →

AI Is About to Break Manual Privacy Compliance

AI removes the human bottleneck that once kept compliance workloads manageable. Organisations still relying on email folders, spreadsheets and manual registers are about to be exposed — not by documentation gaps, but by operational maturity gaps.

Read full article →

Why POPIA Compliance Is More Than Just a Regulation

Many organisations treat POPIA as a legal checkbox. That approach leaves real gaps. Here is why POPIA is a framework for responsible data governance — and what genuine compliance actually requires.

Read full article →

Compliance: Are You Really Ticking the Boxes — or Just Hoping You Are?

Most organisations believe they are compliant because they have policies and documents. Regulators care about evidence, not paperwork. Here is what real, audit-ready compliance actually looks like.

Read full article →

You Are Responsible for Your Third Parties: POPIA and Operator Accountability

POPIA places accountability on responsible parties for how their operators handle personal information. This article explains what that means for contracts and oversight.

Read full article →

The Wrong Approach to POPIA: Common Pitfalls That Undermine Compliance

Common compliance shortcuts — checkbox audits, copy-paste policies, one-off training — undermine POPIA programmes. This article identifies the pitfalls to avoid.

Read full article →

The Role and Responsibilities of the Information Officer Under POPIA

POPIA requires every organisation to designate an Information Officer. This article sets out what that role involves and what organisations need to put in place.

Read full article →

Privacy and Santa: A Light‑hearted Look at Personal Information Awareness

The festive season often brings a focus on generosity, tradition and anticipation — but it can also offer a useful reminder about privacy and personal information. From wish lists and delivery addresses to behavioural tracking and …

Read full article →

POPIA Explained: What the Protection of Personal Information Act Means for South African Organisations

POPIA forms the backbone of data protection law in South Africa. This comprehensive guide explains what POPIA means for day-to-day operations and governance.

Read full article →

A Privacy Mindset: Why POPIA Compliance Starts with Culture

Technical compliance alone is not enough. This article makes the case for building a privacy culture — and explains how organisations can shift mindsets, not just processes.

Read full article →

A Practical POPIA Implementation Approach for Sustainable Compliance

Most POPIA programmes fail not because of poor intent but poor structure. This article outlines a phased, practical approach that produces sustainable compliance.

Read full article →

POPIA Security Safeguards in Practice: From Legal Requirement to Operational Reality

POPIA’s requirement to implement appropriate security safeguards goes beyond IT. This article explains what the obligation means in operational terms.

Read full article →

POPIA Incident and Data Breach Response: Managing the Inevitable with Accountability

A data breach is a question of when, not if. This article covers what POPIA requires when a breach occurs, and how to build a response process before you need it.

Read full article →

POPIA Record Keeping and Retention in Practice: Managing Information with Accountability

POPIA requires organisations to retain personal information only as long as necessary. This article explains how to build a defensible retention and destruction framework.

Read full article →

Why POPIA Still Matters: Why South African Organisations Should Care About Personal Information Protection

POPIA is not simply a regulatory requirement — it directly affects trust, reputation and operational resilience.

Read full article →

POPIA Training and Implementation: Turning Awareness into Real Compliance

POPIA training is essential but not sufficient alone. Effective compliance requires embedding awareness within implementation and governance structures.

Read full article →

POPIA Rights and Responsibilities: What Organisations and Data Subjects Need to Understand

POPIA is about balancing individual rights with organisational responsibilities through accountable, transparent and defensible information practices.

Read full article →

SECTOR ALERT

The Information Regulator’s health focus: what businesses outside healthcare still need to do

The Information Regulator has named health one of five priority enforcement sectors for 2026/27. Combined with the new health information …

Read full article →
