Challenges of implementation of data protection legislation in a South African context

Marvin Walter Theys*, Ephias Ruhode, Patricia Harpur

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

20 Downloads (Pure)


South Africa has enacted its own information protection law, the Protection of Personal Information (POPI) Act, in 2013. 2018 saw the publication of the regulations. Neither the Act nor its regulations provide recommendations that assists organizations with achieving compliance. Furthermore, POPI impacts businesses from various sectors differently. The type of personal information stored and required for processing differs across organizations. Moreover, fines issued under the POPI Act could reach as high as 10 million Rand. This paper outlines a case study which explored within a single organization to identify what the challenges are that an organization could be faced with. The study is conducted throughout the organizational levels within a single organization. In the light of the imminent enforcement of the POPI Act, this paper highlights challenges that organizations could experience.
Original languageEnglish
Title of host publicationProceedings of The 11th International Conference on Research in Science and Technology
Subtitle of host publication14-16 May, 2021, Paris, France
PublisherDiamond Scientific Publishing
Number of pages12
ISBN (Print)9786094851551
Publication statusPublished - 14 May 2021
Externally publishedYes


  • POPI data protection South Africa
  • implementation
  • challenges
  • compliance


Dive into the research topics of 'Challenges of implementation of data protection legislation in a South African context'. Together they form a unique fingerprint.

Cite this