Personal Data Security in South Africa’s Financial Services Market: The Protection of Personal Information Act 4 of 2013 and the European Union General Data Protection Regulation Compared




Financial services market, cybercrime, financial regulators, data protection, Protection of Personal Information Act 4 of 2013, European Union General Data Protection Regulation


The contemporary global financial services market has witnessed a substantial increase in cybercrime which places consumers’ personal data at risk. Rapid increases in cybercrime linked to the financial services market have driven financial market regulators to pass novel laws and regulations aimed at curbing the rate of occurrence of cybercrimes connected to personal data sharing. To that end, banks and/or financial services companies in Europe have swiftly moved to comply with the European Union’s General Data Protection Regulation. Whilst personal data protection regulation is not a new concept in Europe, most African countries (with exception of South Africa) do not have laws and regulations on personal data protection. With the financial services market being extremely vulnerable to cyber risks owing to the digitisation of the financial services sector, it is important to assess the suitability of South Africa’s current regulatory framework concerning the protection of personal data. This article thus examines South Africa’s Protection of Personal Information Act 4 of 2013 with a view to ascertaining its suitability and/or adequacy in protecting personal data in the country’s financial services market. With the global Covid-19 pandemic bringing about concerns related to rapid increases in cyber-attacks in the financial services market owing to the increased sharing of the sensitive personal data of consumers, there is also need to test the POPIA’s conformity with the strict European Union GDPR personal data protection guidelines.




Download data is not yet available.


Metrics Loading ...




Akinbowale OE, Klingehofer, HE and Zerihun MF "Analysis of Cyber-crime Effects on the Banking Sector Using the Balanced Score Card: A Survey of Literature" 2020 JFC 945-958

Alshubiri F, Jamil SA and Elheddad M "The Impact of ICT on Financial Development: Empirical Evidence from the Gulf Cooperation Council Countries" 2019 IJEBM 1-14

Boer M and Vazquez J Cyber Security and Financial Stability: How Cyber- attacks could Materially Impact the

DTTL 2012 DTTL Global Financial Services Industry Security Study Deloitte Touche Tohmatsu Limited 2012 DTTL Global Financial Services Industry Security Study (Deloitte Global Services Limited New York 2012)

Dupont B "The Cyber-resilience of Financial Institutions: Significance and Applicability" 2019 J Cybersecur 1-17

European Union Agency for Fundamental Rights Handbook on European Data Protection Law (Publications Office of the European Union Luxembourg 2018)

Fuster GG The Emergence of Personal Data Protection as a Fundamental Right of the EU (Springer Cham 2014)

Hernandez de Cos P "Financial Technology: The 150-year Revolution" Keynote address delivered at the 22nd Euro Finance Week (19 November 2019 Frankfurt) 1-11

Hoofnagle C "Designing for Consent" 2018 EuCML 162-171

Hoofnagle CJ, Van der Sloot B and ZuiderveenBorgesius F "The European Union General Data Protection Regulation: What it is and What it Means" 2019 ICTL 65-98

Jang-Jaccard J and Nepal S "A Survey of Emerging Threats in Cybersecurity" 2014 JCSS 973-993

Rodotà S "Data Protection as Fundamental Human Right" in Gutwirth S et al (eds) Reinventing Data Protection? (Springer Dordrecht 2009) 77-82

Rücker and Kugler New European General Data Protection Regulation Rücker D and Kugler T New European General Data Protection Regulation: A Practitioner's Guide (Baden-Baden Nomos 2018)

Schwartz PM and Peifer KN "Transatlantic Data Privacy Law" 2017 Geo LJ


Senousy Y, El-Khamisy N and Riad AEM "Recent Trends in Big Data Analytics towards More Enhanced Insurance Business Models" 2018 IJCSIS 39-45

Vasarhelyi MA and Kogan A "Big Data in Accounting: An Overview" 2015

Account Horiz 381-396

Voigt P and Von dem Bussche A The EU General Data Protection Regulation (GDPR): A Practical Guide (Springer Cham 2017)

Yoon S "A Study on the Transformation of Accounting Based on New Technologies: Evidence from Korea" 2020 Sustainability 1-22

Case law

Google Spain SL, Google Inc v Agencia Española de Protección de Datos (AEPD), Mario Costeja González (Case C-131/12) [2014] ECLI:EU:C:2014:317



Charter of Fundamental Rights of the European Union (2012) 2012/C326/02

Convention on Cybercrime (2001)

Directive 95/46/EC (Data Protection Directive) (24 October 1995)

General Data Protection Regulation (EU) 2016/679 (27 April 2016)

Opinion 06/2014 on the Notion of Legitimate Interests of the Data Controller under Article 7 of Directive 95/46/EC (9 April 2014)

South Africa

Constitution of the Republic of South Africa, 1996

Consumer Protection Act 68 of 2008

Electronic Communications and Transactions Act 25 of 2002 Protection of Personal Information Act 4 of 2013 Government publications

Cybercrimes and Cybersecurity Bill [B6-2017]

Proc R21 in GG 43461 of 22 June 2020

Internet sources

Anon 2020 Six Cybersecurity Threats the Financial Services Sector Faces threats-the-financial-services-sector-faces accessed 3 February 2021

Barnes S 2018 There are Two Types of Companies: Those Who Know They've been Hacked and Those Who Do Not companies-those-who-know-theyve-been-hacked-those-who-dont.html accessed 2 March 2021

Baur-Yazbeck S, Frickenstein J and Medine D 2019 Cyber Security in Financial Sector Development: Challenges and Potential Solutions for Financial Inclusion publications/files/cyber_security_paper_november2019.pdf accessed 22

February 2021

Bernstein D 2018 SA Firms at High Risk from Europe's GDPR accessed 2 April 2021

Biallas M and O'Neill F 2020 Artificial Intelligence Innovation in Financial Services 6527c29165e8/EMCompass-Note-85-AI-Innovation-in-Financial- Services.pdf?MOD=AJPERES&CVID=nfuDUlG accessed 2 March 2021

Borghard 2018 financial-institutions-against-cyber-threats-national-security-issue-pub- 77324

Borghard E 2018 Protecting Financial Institutions against Cyber Threats: A National Security Issue protecting-financial-institutions-against-cyber-threats-national-security- issue-pub-77324 accessed 16 February 2021

De la Riva 2018 financial-sector-understanding-the-culprits-behind-the-keystrokes

De la Riva P 2018 Cybercriminals in Financial Sector: The Culprits Behind the Keystrokes financial-sector-understanding-the-culprits-behind-the-keystrokes accessed 5 February 2021

European Commission 2020 Data Transfers Outside the EU outside-eu_en accessed 8 February 2021

European Parliament 2020 The Ethics of Artificial Intelligence: Issues and Initiatives S_STU(2020)634452_EN.pdf accessed 12 February 2021

Gartner 2013 Threat Intelligence: What is it, and How can it Protect You from Today's Advanced Cyber-attacks? imagesrv/media-products/pdf/webroot/issue1_webroot.pdf accessed 12

February 2021

GlobeNewswire 2020 Global Mobile Payment Technology Market will Reach USD 5,500 Billion by 2026: Facts and Factors release/2020/10/26/2114405/0/en/Global-Mobile-Payment-Technology- Market-Will-Reach-USD-5-500-billion-by-2026-Facts-Factors.html accessed 16 February 2021

IBM 2014 cyber-security-intelligence-index-6806866

International Business Machines Corporations 2014 IBM Security Services 2014 Cyber Intelligence Index – Analysis of Cyber Attack and Incident Data from IBM's Worldwide Security Operations https://www.readkong. com/page/ibm-security-services-2014-cyber-security-intelligence-index- 6806866 accessed 18 February 2021

International Monetary Fund 2020 Cyber Risk is the New Threat to Financial Stability financial-stability/ accessed 17 February 2021

Intel Team 2013 Not Your Average Cybercriminal: A Look at the Diverse Threats to the Financial Services Industry https://www.cyber 18 February 2021

Kuneva M 2009 Keynote Speech SPEECH/09/156 (Roundtable on Online Data Collection, Targeting and Profiling March 31, 2009) accessed 19 February 2021

Lagazio M, Sherif N and Cushman M 2020 A Multi-level Approach to Understanding the Impact of Cyber-crime on the Financial Sector accessed 16 February 2021

Lund J 2021 How Customer Experience Drives Digital Transformation accessed 20

February 2021

MacKenzie B 2019 General Data Protection Regulation (GDPR) in Africa: So What? 2019/05/general-data-protection-regulation accessed 23 February 2021

Marketwired 2013 Agri Q3 TrustIndex Report: Financial and Health Care Most at Risk for Email-Based Cyberattacks 120000057.html accessed 26 April 2021

Morgan S 2021 Cybercrime to Cost the World $ 10.5 Trillion Annually by 2025

report-2016/ accessed 3 February 2021

Muncaster P 2021 Most Financial Services have Suffered COVID-linked- cyber-attacks services-suffered-covid/ accessed 22 February 2021

Norwich University Online 2017 Who are Cyber Criminals? criminals accessed 5 February 2021

Organisation for Economic Co-operation and Development 2020 Digital Disruption in Banking and its Impact on Competition markets.htm accessed 21 February 2021

Pan G et al (eds) 2015 Analytics and Cybersecurity: The Shape of Things to Come allfiles/document/professional-resources/business/analytics-and- cybersecurity.pdf accessed 12 February 2021

PricewaterhouseCoopers 2014 US Cybercrime: Rising Risks, Reduced Readiness: Key Findings from the 2014 US State of Cybercrime Survey cybercrime.pdf accessed 18 February 2021

PwC 2014 information-security-survey-2014-key-findings-report.pdf survey-2014-key-findings-report.pdf accessed 19 February 2021

Rathi S 2020 Cybercrime and the Risks to the Financial System system/ accessed 3 February 2021

Sobers R 2021 Cybersecurity Issues are Becoming a Day-to-day Struggle for Businesses accessed 15 February 2021

United Nations Conference on Trade and Development 2018 Harnessing Frontier Technologies for Sustainable Development Innovation and Technology Report 2018 document/tir2018_en.pdf accessed 12 February 2021

World Bank Group 2019 Financial Sector’s Cybersecurity: A Regulatory Digest 3rd-Edition-May2019.pdf accessed 23 April 2021

World Bank Group 2018 Financial Sector’s Cybersecurity: Regulations and Supervision accessed 23 April 2021



How to Cite

Warikandwa, T. V. . (2021). Personal Data Security in South Africa’s Financial Services Market: The Protection of Personal Information Act 4 of 2013 and the European Union General Data Protection Regulation Compared. Potchefstroom Electronic Law Journal, 24, 1–32.



Special Edition: Corporate and Financial Markets 2021