Digital Policy Alert logo

South Africa: Period for comments closed on BASA code of conduct

Policy overview

Description

Period for comments closed on BASA code of conduct

On 25 June 2021, the Information Regulator, the South African monitoring body for personal information, has closed its consultation on the Banking Association of South Africa's (BASA) code of conduct regarding the legal processing of personal information. Under section 61 of the Protection of Personal Information Act (POPI) 2013, the Regulator may issue sector-specific codes of conduct on the processing of personal information either on its own initiative or on the application of a sector's representative body.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
other service provider
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2021-06-11
in consultation

The Information Regulator, the South African monitoring body for personal information, has opened a…

2021-06-25
processing consultation

On 25 June 2021, the Information Regulator, the South African monitoring body for personal informa…

2022-10-12
adopted

On 12 October 2022, the Information Regulator issued the Code of conduct for processing of Personal…

2022-11-09
adopted

On 9 November 2022, the Information Regulator issued the Code of conduct for processing of Personal…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type Private organisation
Economic activity other service provider
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): data collection
Regulatory tool
Preventive security requirement
Responsive security requirement
Purpose/processing limitation
Definition of oversight agency jurisdiction
Sanctions
Regulated subjects
1
personal data (all forms): data processing
Regulatory tool
Preventive security requirement
Responsive security requirement
Purpose/processing limitation
Definition of oversight agency jurisdiction
Sanctions
Regulated subjects
1
personal data (all forms): storage (any form)
Regulatory tool
Preventive security requirement
Responsive security requirement
Purpose/processing limitation
Definition of oversight agency jurisdiction
Data storage/retention obligation
Sanctions
Regulated subjects
1
advertisement (any targeting): marketing (any form)
algorithm: ML/AI optimisation algorithm incl. matching, ranking, sorting: operate

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.

personal data (all forms): data collection

personal data (all forms): data processing

personal data (all forms): storage (any form)

advertisement (any targeting): marketing (any form)

algorithm: ML/AI optimisation algorithm incl. matching, ranking, sorting: operate

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.