POPIA: Draft Code of Conduct for Gated Access

Posted 26 May 2026 Written by Acts Online
Category Justice

Brought to you by SA Accounting Academy: The Information Regulator has issued a draft Gated Access Code of Conduct under the Protection of Personal Information Act, No. 4 of 2013 (POPIA), to regulate the processing of personal information at access-controlled properties.

In terms of the Protection of Personal Information Act, No. 4 of 2013, the Information Regulator has published the draft Gated Access Code of Conduct. The code aims to ensure that owners, managers, and their security and technology service providers process personal information lawfully, responsibly, and in compliance with POPIA at any premises with gated or controlled access.

Under the draft code, “premises” includes any house, building, land, or outbuildings occupied by residents or businesses, such as residential estates, commercial complexes, and office parks. “Gated access” refers to restricted entry to a specific area requiring authorisation or credentials.

The draft code applies to any person or entity collecting personal information to control entry to premises, including:

  • Property owners, body corporates, and homeowners associations;
  • Property managers and estate administrators; and
  • Security and technology service providers managing access control systems.

Once finalised, the code will officially come into effect 28 days after its publication in the Government Gazette.

Click here to download the Draft Code of Conduct on Gated Accesses.

What this means for you, your business, or your clients

  • For yourself: No direct individual compliance obligations; impact is channelled through professional advisory roles and personal compliance when entering gated estates.
  • For your business: If your firm operates from a gated office park or controls its own gated access, you must review your visitor sign-in and biometric data collection procedures to ensure alignment with the draft code’s requirements.
  • For your clients: Clients who manage residential estates, commercial office parks, or security firms must audit their access control systems, visitor logs, and third-party security contracts to ensure POPIA compliance before the 28-day post-gazette deadline.

Originally published at https://accountingacademy.co.za/news/read/information-regulator-popia-draft-code-of-conduct-relating-to-gated-access

The views expressed herein are those of the author and do not necessarily reflect those of Acts Online. Acts Online accepts no responsibility for the accuracy, completeness or fairness of the article, nor does the information contained herein constitute advice, legal or otherwise.