26 June 2024

What are the Penalties for Non-Compliance with POPIA?


According to the Protection of Personal Information Act (POPIA) in South Africa, there are significant penalties for non-compliance. The key penalties outlined in the Act are:

  1. Administrative Fines (Section 109):
  • The Information Regulator can issue an administrative fine of up to R10 million for non-compliance with POPIA.
  • In determining the fine amount, factors like the nature of personal information involved, the number of data subjects affected, the likelihood of damage/distress, the preventability of the contravention, etc. are considered.
  2. Criminal Penalties (Section 107):
  • For serious offences like obstructing the Regulator, failing to comply with enforcement notices, unlawfully obtaining/disclosing account numbers, etc., the penalty can be a fine or imprisonment for up to 10 years, or both. [1][11]
  • For less serious offences like failing to get prior authorisation, breach of confidentiality, obstructing warrant execution, providing false statements/evidence, etc., the penalty can be a fine or imprisonment for up to 12 months, or both. [1][11]
  3. Civil Claims:
  • Section 99 allows data subjects to institute civil proceedings against responsible parties for damages arising from interference with their personal information in violation of POPIA. [3]

The R5 million administrative fine recently imposed on the Department of Justice and Constitutional Development by the Information Regulator for non-compliance with an enforcement notice is a significant example of the regulator exercising its powers under POPIA. [5][6][7][10]

The penalties aim to ensure responsible parties take POPIA compliance seriously and implement adequate measures to protect personal information. Non-compliance can result in substantial fines, criminal prosecution, civil claims, and reputational damage for organisations. [1][3][8][9]

[1] https://popiachecklist.co.za/popia-non-compliance/
[2] https://www.michalsons.com/focus-areas/privacy-and-data-protection/protection-of-personal-information-act-popia/popia-offences-penalties-and-administrative-fines
[3] https://www.werksmans.com/legal-updates-and-opinions/i-will-never-get-caught-the-consequences-of-non-compliance-with-popia/
[4] https://popia.co.za/protection-of-personal-information-act-popia/chapter-11/
[5] https://www.itweb.co.za/article/more-popia-fines-on-the-horizon-warns-inforeg/8OKdWMDXrVLMbznQ
[6] https://bowmanslaw.com/insights/south-africa-beware-information-regulator-issues-first-fine-of-zar-5-million-under-popia/
[7] https://www.moonstone.co.za/department-of-justice-fined-r5m-for-non-compliance-with-popia/
[8] https://knowledge.propdata.net/what-happens-if-you-arent-popia-compliant
[9] https://www.baileyhaynes.co.za/News/entryid/1932/consequences-that-business-face-if-they-are-not-popia-compliant
[10] https://www.lexology.com/library/detail.aspx?g=eb11e673-6422-494a-8963-e2fbf09cedfd
[11] https://popia.co.za/section-107-penalties/
[12] https://tuckers.co.za/2024/01/5-million-rand-fine-for-popia-non-compliance/