DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇿🇦 South Africa

POPIA compliance with ConsentX

Protection of Personal Information Act

In short
South Africa's data protection law sets conditions for lawful processing of personal information, including consent and purpose limitation.
Region

South Africa

Status

In force since 2021

Group

Asia & Africa

Who it applies to

Any party (responsible party) processing personal information in South Africa.

Penalties

Fines up to R10 million and, in serious cases, imprisonment.

Key obligations

  • Process only with a lawful basis
  • Obtain consent where required
  • Limit processing to the purpose
  • Honor data subject participation rights
  • Notify the regulator of breaches

How ConsentX helps

Lawful-basis consent capture

Purpose-limited categories

Data subject request intake

Evidence and reporting

Get POPIA ready with ConsentX

Start free, or book a walkthrough with our team.

Get started free Book a demo

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified counsel.

Frequently asked questions

Who enforces POPIA?+

The Information Regulator of South Africa enforces POPIA, with fines up to R10 million for serious violations.

Other frameworks

🇪🇺 GDPR🇬🇧 UK GDPR🇺🇸 CCPA / CPRA🇺🇸 VCDPA🇺🇸 Colorado CPA🇺🇸 CTDPA🇺🇸 UCPA🇺🇸 TDPSA🇺🇸 Oregon OCPA🇺🇸 Montana MCDPA🇺🇸 Florida FDBR🇧🇷 LGPD🇨🇦 PIPEDA🇮🇳 DPDPA🌏 PDPA