Until very recently, data protection in South Africa was regulated only under the broad constitutional right to privacy, the common law and a few pieces of legislation that contained interim provisions relating to data protection. In November 2013, South Africa enacted the Protection of Personal Information Act, the country’s first data protection-specific legislation. The Act partially came into force in April 2014 to create an information regulator and to codify concepts such as “processing” and “personal information”. The commencement of those sections is indicative of the processes being put in place by the government of South Africa to ensure that the commencement of the remaining sections is met with relevant support, in the form of regulations and the establishment of an information regulator. Though the remaining sections of the Act (including the material provisions) are not yet enforceable and have no foreseeable or determinable effective date, businesses operating in South Africa should be aware of the Act’s provisions as they may one day come into force.