Businesses in South Africa need to notify the Information Regulator and those whose personal information has been affected by data breaches under the POPI Act.
According to a recent Business Tech article, although there is no specified time-frame for such notifications to be made, “organisations must do so quickly, as failure to report a security compromise could result in an administrative fine of up to R10 million or further legal action.”