The South Africa Protection of Personal Information Act (POPIA) is the national consumer privacy law of South Africa. On 1 July 2020, most of the provisions which create obligations for businesses came into effect. A year later, on 30 June 2021, additional provisions were enacted, such as amendments to the Promotion of Access to Information Act (PAIA) of 2020.
POPIA is similar to the EU’s General Data Protection Regulation (GDPR) and governs how companies (both controllers and processors) collect, use and otherwise process personal information (PI). POPIA applies to the processing of PI where the:
- Controller or processor resides in South Africa, or
- PI is processed in South Africa
Find more information on POPIA please click here (link resides outside ibm.com).
IBM implemented a process to review all its products, offerings and services against POPIA requirements. We believe our standard technical and organization measures (IBM DPA) in combination with the IBM DPA are appropriate and proportionate to help customers meet the POPIA standard.
POPIA has been applied to IBM’s Data Privacy Addendum. To reference the laws or jurisdictions which the IBM Data Protection Addendum (DPA) covers, including applicable sections for POPIA, visit the IBM DPL. IBM’s DPA can be found on our IBM Terms site.
For more information on IBM’s data privacy policies, visit the IBM Trust Center. If you have further questions on IBM’s privacy policy related to our external offerings, contact the IBM Chief Privacy Office Helpdesk.