Information Regulator: Draft Code of Conduct for Gated Access Control

Posted 06 May 2026 Written by Acts Online
Category POPIA

Brought to you by SA Legal Academy: The Information Regulator has issued a call for input on a draft code of conduct regarding the processing of personal information for gated access control.

In terms of the Protection of Personal Information Act, No. 4 of 2013 (POPIA), the Information Regulator is seeking public comment on a draft code of conduct intended to regulate how personal data is handled at entry points to residential and commercial estates. The notice, which follows research conducted by the Regulator into current industry practices, sets a deadline for submissions of 14 May 2026.

The proposed code aims to standardize the collection and storage of data subjects’ information when they seek to enter gated properties. The Regulator’s research highlighted inconsistencies in how identity documents are scanned, vehicle registrations are recorded, and biometric data is captured. The code will provide a framework for ensuring that such processing is necessary, proportionate, and compliant with the conditions for lawful processing set out in POPIA.

Scope and Application

Once in force, the code of conduct will apply to various entities involved in the management of gated access, including:

  • Bodies corporate and homeowners’ associations;
  • Security service providers and personnel;
  • Property management agencies; and
  • Technology providers supplying access control systems.

What this means for you, your business, or your clients

  • For yourself: If you act as a compliance officer or information officer, you must evaluate current manual and digital visitor logs against the draft requirements to identify potential gaps in data minimization and security.
  • For your business: Security firms and estate management companies must prepare to audit their data retention policies, specifically regarding the duration for which vehicle and ID scans are stored on local servers or cloud platforms.
  • For your clients: Clients residing in or managing gated communities will need to ensure that their service level agreements with security companies explicitly mandate compliance with this specific code of conduct once finalized to mitigate liability risks.

Originally published at https://legalacademy.co.za/news/read/information-regulator-input-sought-on-gated-access-related-draft-code-of-conduct

The views expressed herein are those of the author and do not necessarily reflect those of Acts Online. Acts Online accepts no responsibility for the accuracy, completeness or fairness of the article, nor does the information contained herein constitute advice, legal or otherwise.