Protection of Personal Information Act, 2013 (Act No. 4 of 2013)Codes of ConductGuidelines to Develop Codes of ConductPart 4 - Complaints Handling28. The complaints process |
| 28.1 | A code of conduct may prescribe procedures for making and dealing with complaints alleging a breach of a code without limiting or restricting the provisions of Chapter 10 of POPIA. |
| 28.2 | Once a code issued under Section 60 of POPIA is in force, failure to comply with such a code is deemed to be a breach of the conditions for the lawful processing of personal information referred to in Chapter 3 of POPIA and dealt with in terms of Chapter 10 of POPIA. |
| 28.3 | If a code sets out procedures for making and dealing with complaints the Regulator must be satisfied that the code meets the prescribed standards in line with POPIA and the guidelines issued by the Regulator in terms of Section 65 of POPIA. |
| 28.4 | If a code sets out procedures for making and dealing with complaints, the code must provide for the appointment of an independent adjudicator by the relevant body with whom the complaints may be lodged. |
| 28.5 | A code must provide for the details of the independent adjudicator. |
| 28.6 | A responsible party or data subject who is aggrieved by a determination, including any declaration, order or direction that is included in the determination, made by an adjudicator after having investigated a complaint relating to the protection of personal information under an approved code of conduct, may submit a complaint in terms of section 74(2) with the Regulator, against the determination upon payment of a prescribed fee. |