Last Updated 11 September 2017 03:39:27 PM



The Protection of Personal Information Act, No 4 of 2013 promotes the protection of personal information by public and private bodies.

The Protection of Personal Information (POPIA) Act has been signed into law by the President on 19 November and published in the Government Gazette Notice 37067 on 26 November 2013. Once the Act is made effective, companies will be given a year’s grace period to comply with the Act, unless this grace period is extended as allowed by the Act.

The President has signed a proclamation declaring some parts of the Protection of Personal Information Act No 4 of 2013 effective from 11 April 2014 (74Kb PDF)

The sections that became effective deals with the appointment of the Information Regulator.

The National Assembly approved the appointment of members to the Information Regulator on 7 September 2016. 
The Regulator will be responsible for education, monitor and enforce compliance, handle complaints, perform research and facilitate cross-border cooperation.

Adv Pansy Tlakula was appointed as the Information Regulator with effect from 1 December 2016. Adv Lebogang Stroom, and Johannes Weapond were appointed as full-time members and  Prof Tana Pistorius and Sizwe Snail were appointed as part-time members. They will serve a term of office of five years.




  • Protection of Personal Information Act, No 4 of 2013 (392Kb PDF)
  • Proclamation of effective date of certain sections (11 April 2014) (74Kb PDF)

Please visit the Contemporary Gazette page for access to the latest laws

Regulations and Notices

  • September 2017: Call for comments on the Regulations to the Protection of Personal Information Act, 2013 comments due to SAICA by 24 October 2017 – Regulator deadline 7 November 2017 (454 Kb PDF)