South Africa: Implemented Information Regulator Code of conduct governing the conditions for lawful processing of personal information by the Credit Bureau Association

On 9 November 2022, the Information Regulator implemented the Code of conduct governing the conditions for lawful processing of personal information by the Credit Bureau Association. The code applies to credit bureaus which are members of the Credit Bureau Association. The code imposes several obligations, including the appointment of an Information Officer, obtaining explicit consent from data subjects, conducting personal information impact assessments, ensuring data quality and accuracy. The code also requires maintaining robust security safeguards, and facilitating data subjects’ rights to access and correct their personal information. Additionally, credit bureaus must establish clear procedures for handling complaints and reporting security breaches.