30 April 2025 | Regulatory Compliance & Legislation
In a decisive move to tighten data protection oversight, the South African Information Regulator has officially launched its new eServices portal, a digital platform for reporting security compromises as required under the Protection of Personal Information Act (POPIA).
From 1 April 2025, all public and private entities are legally required to submit data breach notifications through this portal. The Regulator has made it clear: email submissions are no longer accepted.
The new online system, accessible at eservices.inforegulator.org.za, is designed to streamline the process of lodging reports when there are reasonable grounds to believe that a data subject’s personal information has been accessed or acquired by an unauthorised party.
Under section 22(1) of POPIA, any such incident must be reported to the Information Regulator and—where identifiable—the affected individuals must also be notified.
Support materials, including comprehensive step-by-step guides for registering Information Officers and lodging reports, are available on the portal. The official media statement released by the Regulator can be downloaded here.
