Who does South Africa's POPIA apply to?

South Africa's Protection of Personal Information Act (POPIA) is designed to protect personal information processed by public and private bodies. The act applies to both individuals and companies, which means it encompasses a wide range of entities involved in the processing of personal data. Importantly, POPIA does not limit its enforcement solely to organizations operating within South Africa; it also applies to entities outside of South Africa if they process the personal information of South African citizens or residents. This extraterritorial scope helps ensure that individuals' privacy rights are protected, regardless of where the data processing occurs, thereby enhancing the overall safeguarding of personal information.

By including both individuals and companies, regardless of their geographical location, the act demonstrates South Africa's commitment to upholding international standards for data protection and privacy rights. This makes it clear that compliance with POPIA is essential for a wide range of stakeholders who handle personal data related to South African residents.