The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the EU GDPR. It sets some conditions for responsible parties (called controllers in other jurisdictions) to lawfully process the personal information of data subjects (both natural and juristic persons)
The goal of the POPI Act is to protect data subjects from security breaches, theft, and discrimination. To accomplish this, it outlines eight principles that South African data processors must follow. Each principle encourages responsibility, security, and consent.
The General Data Protection Regulation 2016/679 (or GDPR) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.
GDPR is also the standard by which most international corporates measure their suppliers of technology, and particularly regarding data security, technology environments and cloud-based system usage.