CDH: POPIA amendments summary
- 27 May 2025
- Regulatory Compliance and Legislation
- South African Accounting Academy
Summary:
Cliffe Dekker Hofmeyr has published a handy summary on the recent important amendments to Regulations under the Protection of Personal Information Act (POPIA).
Article:
Significant amendments have been made to the Regulations issued under the Protection of Personal Information Act 4 of 2013 (POPIA). These changes appear to be aimed at providing data subjects with more options to enforce their rights.
The amendments, effective from 17 April 2025, follow the Information Regulator’s introduction of an e-Portal to report security compromises online.
As of 1 April 2025, the portal is deemed a mandatory reporting tool for both private and public organisations.
The following amended Regulations are set out in a table format, which compares the old and the new Regulations:
- Regulation 2: Objection to the processing of personal information
- Regulation 3: Request for correction or deletion of personal information or destruction or deletion of the record of personal information
- Regulation 4: Additional duties and responsibilities of the information officer
- Regulation 6: Request for a data subject’s consent to process personal information
- Regulation 7: Submission of a complaint
- Administrative fines
The following are key takeaways for organisations:
- Mechanisms must be implemented to ensure that telephone conversations are easily recorded and accessible, particularly when a data subject requests the destruction and deletion of their personal information or objects to it being processed.
- Since opting out is not considered valid consent, as required by section 69(2) of POPIA, organisations must revise their internal procedures for obtaining consent from data subjects for direct marketing purposes through electronic communications.
- PAIA manuals need to be updated to make provision for the new prescribed forms.
Click here to download the 7-page summary document:
Relevance to Auditors, Independent Reviewers & Accountants:
- POPIA is an important piece of legislation that your clients must comply with, and which you must assess compliance with. If they don’t comply with the relevant laws and regulations, you have certain reporting obligations in terms of NOCLAR (NOn-Compliance with Laws And Regulations) – this could include reporting to management, qualifying your audit opinion, reporting a Reportable Irregularity, etc.
- As an auditor, independent reviewer and accountant, you also need to be aware of media statements, enforcement notices, etc. that have been issued by the Information Regulator as well as handy publications by e.g. legal practices.
Relevance to Your Clients:
- An entity (company or close corporation) should be aware of media statements, enforcement notices, etc. that have been issued by the Information Regulator and its Enforcement Committee, and handy publications by e.g. legal practices.



