Data localization and regulation of non-personal data
Are there data localization/data residency or other types of laws that may require the retention and storage of data in the local jurisdiction, or prohibit the transfer of data out of the jurisdiction?

Last review date: 31 December 2024

Yes.

The storage of employees' tax information outside of South Africa requires the prior written approval of the South African Revenue Service ("SARS").

It is prohibited to transfer personal data about a data subject to a third-party recipient who is in a foreign country unless: (i) the third-party recipient is subject to a law, binding corporate rules or binding agreement which provides an adequate level of protection that: (a) effectively upholds principles for the reasonable processing of personal data that are substantially similar to the conditions for the lawful processing of personal data relating to a data subject who is a natural person, and where applicable, a juristic person; and (b) includes provisions, that are substantially similar to POPIA, relating to the further transfer of personal information from the recipient to third parties who are in a foreign country.

The South African Reserve Bank has issued a directive and guidance note detailing items banks must consider when electing to adopt cloud computing as a service or any offshoring of data. These provisions, however, do not provide for data localization or residency.

☐ Other laws that may require the retention and storage of personal data (including, for example, where such data is part of another type of record or dataset) in the local jurisdiction or otherwise prohibit the transfer or disclosure of the personal data outside of the local jurisdiction:

        tax or financial record laws

Does law or regulation impose mandatory requirements to share or make accessible non-personal data?

Obligation for public sector organizations to share or make accessible non-personal data

What specific obligations do these data-sharing rules impose on private organizations?

☐ Obligation to share data on request

☐ Obligation to share data proactively

☐ Obligation to (re)design products or services to facilitate data accessibility

☐ Obligation to standardize products or services to facilitate data portability or interoperability

None of the above apply.