TODAY: 1 NEW BREACH·LAST 30 DAYS: 4·RECORDS THIS YEAR: 5.6M·MOST TARGETED: GOVERNMENT·TOP ORIGIN: France·LARGEST BREACH: MedCore Systems — S3 Bucket Exposure (4.2M)·GLOBAL THREAT LEVEL: NORMAL·TODAY: 1 NEW BREACH·LAST 30 DAYS: 4·RECORDS THIS YEAR: 5.6M·MOST TARGETED: GOVERNMENT·TOP ORIGIN: France·LARGEST BREACH: MedCore Systems — S3 Bucket Exposure (4.2M)·GLOBAL THREAT LEVEL: NORMAL
🇿🇦

South Africa Data Privacy Regulations

Protection of Personal Information Act (POPIA)
High Severity
Enacted: 2013 (Amended: 2021)

Overview

POPIA promotes the protection of personal information processed by public and private bodies in South Africa.

Scope of Application:

Responsible parties domiciled in South Africa or processing data within South Africa.

Key Rules & Obligations

Breach Notification

As soon as reasonably possible.

Maximum Penalties

Up to R10 million or 10 years imprisonment.

Data Transfers

Requires adequate level of protection in receiving country or consent.

Individual Rights

  • Access
  • Correction
  • Deletion
  • Object

Enforcement Authority

Information Regulator (IR)

Contact: Complaints portal online

Visit Authority Website

Notable Breaches in South Africa

No notable public breaches matching these criteria currently indexed.

Official Sources

Frequently Asked Questions

What is POPIA?

South Africa's comprehensive data privacy law.

Does POPIA apply to companies outside South Africa?

Yes, if they use automated or non-automated means to process personal information in South Africa.

Last updated: March 5, 2026

Notice an error? Report a correction