South Africa Protection of Personal Information Act (Act 4 of 2013)

Protects personal information processed by public and private bodies in South Africa.

  • Rules extracted: 17
  • Obligations decomposed: 176
  • Avg obligations per rule: 10.4x
  • Jurisdiction: 🇿🇦 South Africa

About this regulation

POPIA was assented to on 19 November 2013 and commenced on 1 July 2020, with a one-year grace period for compliance expiring on 30 June 2021. The Act establishes eight conditions for the lawful processing of personal information, provides enhanced protections for special personal information and children's data, regulates trans-border information flows, creates the Information Regulator as an independent supervisory authority, and imposes criminal penalties and administrative fines of up to ZAR 10 million. POPIA applies to responsible parties (data controllers) who process personal information of data subjects within South Africa or using means situated in South Africa.

What AuditDSS covers

  • Source: 1 regulation
  • Extracted: 17 rules
  • Decomposed: 176 obligations
  • Decomposition ratio: 10.4x

Each rule is decomposed into an average of 10.4 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 176 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in POPIA is scored across independent risk dimensions:

  • W (Obligation Weight): How critical within the regulatory framework
  • L (Violation Likelihood): How often breached in practice
  • E (Enforcement Evidence): Regulator enforcement history and penalties
  • C (Cascade Dependency): How many obligations depend on this one

Regulatory details

  • Full title: South Africa Protection of Personal Information Act (Act 4 of 2013)
  • Regulatory body: Information Regulator of South Africa
  • Jurisdiction: 🇿🇦 South Africa
  • Document type: act
  • Effective date: July 1, 2020
  • Issuing authority: Parliament of the Republic of South Africa

Who this applies to

  • responsible parties (data controllers)
  • operators (data processors)
  • public bodies
  • private bodies

Key requirements

  • 8 conditions for lawful processing
  • special personal information protections
  • children's data protections
  • trans-border information flow restrictions
  • data breach notification
  • information officer appointment

Frequently asked questions about POPIA

What is POPIA?

POPIA was assented to on 19 November 2013 and commenced on 1 July 2020, with a one-year grace period for compliance expiring on 30 June 2021. The Act establishes eight conditions for the lawful processing of personal information, provides enhanced protections for special personal information and children's data, regulates trans-border information flows, creates the Information Regulator as an independent supervisory authority, and imposes criminal penalties and administrative fines of up to ZAR 10 million. POPIA applies to responsible parties (data controllers) who process personal information of data subjects within South Africa or using means situated in South Africa.

Who does POPIA apply to?

POPIA applies to responsible parties (data controllers), operators (data processors), public bodies, and private bodies.

How many obligations does POPIA contain?

AuditDSS has decomposed POPIA into 176 atomic obligations from 17 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of POPIA?

The key requirements include: 8 conditions for lawful processing, special personal information protections, children's data protections, trans-border information flow restrictions, data breach notification, and information officer appointment.

How can I assess my POPIA compliance?

Upload your compliance policy to AuditDSS. The platform maps your document against all 176 POPIA obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces POPIA?

POPIA is enforced in South Africa by the Information Regulator of South Africa.

When did POPIA come into effect?

POPIA became effective on July 1, 2020.

What industry does POPIA apply to?

POPIA is primarily relevant to the Privacy & Data Protection industry. AuditDSS covers 71 regulations in this industry sector.

Build a POPIA compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for POPIA — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering POPIA requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine POPIA with other regulations into a single unified compliance pack for your business.

Already have a policy? Assess it against POPIA

1. Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2. AI maps against 176 obligations

Your document is scored against every obligation in POPIA. Each claim is mapped to the obligation tree and evaluated for coverage.

3. Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Assess your POPIA compliance

Upload your document and get a risk-scored gap analysis against 176 POPIA obligations in under 5 minutes.