South Africa's Protection of Personal Information Act — comprehensive data protection law with conditions for lawful processing.
Any responsible party processing personal information of data subjects in South Africa.
Continuous evidence pipeline available; audit support included for all customers.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
Eight conditions for lawful processing.
Notification of security compromises to the Information Regulator.
Cross-border transfers with safeguards.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
Information Regulator notification template.
Cross-border transfer register.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
POPIA compliance register.
Security compromise records.
These frameworks share substantial control overlap with POPIA. Customers running one assessment typically satisfy the others with the same evidence base.
European Union
The EU's General Data Protection Regulation — the global gravity well of privacy law since 2018.
Latin America & Africa
Brazil's General Data Protection Law — broadly aligned with GDPR with Brazil-specific enforcement and DPO regime.
Latin America & Africa
Nigeria's data protection law — NDPR transitioning to Nigeria Data Protection Act 2023.
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.