CATEGORIES
- (5) Negotiating Tax Debt and Payment Arrangements with SARS
- (2)Account / Profile
- (558)Accounting
- (2)Accounting & Financial Reporting
- (2)Accounting and Finance
- (29)Audit
- (159)Auditing and Assurance
- (1)Business
- (1)Business Management
- (3)Business Rescue
- (109)CIPC
- (7)Compliance
- (18)Ethics and Professionalism
- (46)Financial Reporting
- (1)Government Funding Applications
- (4)Guides
- (1)Independent Reviews
- (1)Individuals Tax
- (31)Law
- (49)Legal and Compliance
- (2)Management
- (29)Miscellaneous
- (29)Money Laundering
- (1)Personal & Professional Development
- (2)Practice Management
- (2)Professional Ethics
- (3)Public Sector
- (145)Regulatory Compliance and Legislation
- (41)SARS Issues
- (29)Sustainability Reporting
- (43)Tax
- (1)Tax Update
- (10)Technology
- (1)Wills, Estates & Trusts
- Show All
Information Regulator: POPIA – Draft code of conduct relating to gated access
- 26 May 2026
- Law
- South African Accounting Academy
Summary:
The Information Regulator has published the draft Gated Access Code of Conduct under the Protection of Personal Information Act (POPIA).
Article:
The aim is to ensure that owners and managers (and their security and technology service providers) of any premises (including residential estates and office parks) with gated access process personal information lawfully, responsibly, and in line with POPIA in South Africa.
The code will apply to many properties and people, and will require action to comply.
Comments were due by 14 May 2026.
The code will apply to any premises with gated access or controlled access. Premises include “a house or building, together with its land and outbuildings, occupied by residents, business or considered in an official context, such as residential estate or commercial/complex/office park etc”. Gated access “means restricted entry to a specific area, requiring authorisation or credentials for access.”
- Residential estates
- Sectional title schemes
- Gated communities and housing complexes
- Business parks, commercial premises or office parks
- Public (Government) buildings
The following kinds of people will have to comply:
- Private and public bodies that own or manage premises with gated access
- Trustees of the body corporate
- Managing agents
- Home Owners’ Associations (HOAs)
- Executive estate managers in the private and public sectors
- Facilities manager of many corporates in South Africa
- Security service providers (acting as operators on a need-to-know basis)
- Technology and access control system suppliers (acting as operators on a need-to-know basis)
If you collect people’s personal information to control entry to premises, this applies to you.
Once finalised, the code will come into effect 28 days after it is published in the Government Gazette.
Click here to download the 65-page document:
Relevance to Auditors, Independent Reviewers & Accountants:
- POPIA is an important piece of legislation that your clients must comply with, and which you must assess compliance with. If they don’t comply with the relevant laws and regulations, you have certain reporting obligations in terms of NOCLAR (NOn-Compliance with Laws And Regulations) – this could include reporting to management, qualifying your audit opinion, reporting a Reportable Irregularity, etc.
- All clients who have gated access will have to comply with this Draft Code of Conduct.
- As an auditor, independent reviewer and accountant, you also need to be aware of media statements, enforcement notices, etc. that have been issued by the Information Regulator and its Enforcement Committee.
Relevance to Your clients:
- An entity (company or close corporation) should to be aware of media statements, enforcement notices, etc. that have been issued by the Information Regulator and its Enforcement Committee.
- All clients who have gated access will have to comply with this Draft Code of Conduct.