https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / SchoemanLaw Inc RSS ← Back
SchoemanLaw|South Africa|Data Protection|POPIA|Sectional Title|Information Regulator|Janet Mc Intosh|Access Control|Biometrics|CCTV
|||||
schoemanlaw|south-africa|data-protection|popia|sectional-title|information-regulator|janet-mc-intosh|access-control|biometrics|cctv
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

Protecting your visitors' personal data: New rules are coming for security complexes.


Close

Protecting your visitors' personal data: New rules are coming for security complexes.

Should you have feedback on this article, please complete the fields below.

Please indicate if your feedback is in the form of a letter to the editor that you wish to have published. If so, please be aware that we require that you keep your feedback to below 300 words and we will consider its publication online or in Creamer Media’s print publications, at Creamer Media’s discretion.

We also welcome factual corrections and tip-offs and will protect the identity of our sources, please indicate if this is your wish in your feedback below.


Close

Embed Video

Protecting your visitors' personal data: New rules are coming for security complexes.

Protecting your visitors' personal data: New rules are coming for security complexes.

3rd July 2026

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

Introduction 

Security measures at gated sectional title complexes often require visitors to provide personal information before access is granted. While these practices are intended to promote safety, they also raise important questions about privacy and compliance with the Protection of Personal Information Act 4 of 2013 (POPIA). The Information Regulator’s draft code on the processing of personal information at gated access signals a move towards clearer rules for how visitor information should be collected, used, stored and protected.

Advertisement

What is the draft code?

On 30 April 2026, the Information Regulator published a proposed code of conduct for comment, dealing specifically with the processing of personal information at gated access points in South Africa. Comments closed on 29 May 2026 and are now being considered by the Regulator. 

Advertisement

According to the notice, the purpose of the draft code is to give practical effect to POPIA’s eight conditions for lawful processing in gated access environments, promote appropriate practices, ensure proportionality between security needs and privacy rights, standardise lawful access control practices, regulate high-risk technologies such as CCTV and biometric systems, and strengthen governance, accountability, complaints and enforcement mechanisms.

Although the code is not yet binding, it is a strong indication of the standards the Regulator expects responsible parties to meet. For bodies corporate, trustees, managing agents and security providers, the draft code is important because many existing access practices were developed for operational convenience rather than formal data-protection compliance. The draft signals that convenience alone will not justify intrusive collection practices if they go beyond what is necessary for a legitimate security purpose. 

What information is usually collected at the gate?

At many gated complexes, visitors are asked to provide names, contact details, identity or passport information, vehicle registration numbers, unit numbers, appointment details and, in some cases, photographs or biometric identifiers. CCTV footage may also be captured automatically as part of access control and general security monitoring. The draft code is significant because it recognises that these practices involve personal information and, in some cases, high-risk processing that cannot be treated as routine administrative formalities.

Key POPIA themes for gated sectional title complexes

The starting point is that POPIA requires that personal information be processed lawfully and in a reasonable manner that does not infringe the data subject's privacy. In practice, that means a gated complex should collect only the information that is adequate, relevant and not excessive for the security purpose it wants to achieve. If the same objective can be met with less intrusive measures, trustees and managing agents should be cautious about collecting identity document numbers, copying identity documents, or using biometric systems as a default. POPIA also requires that personal information be collected for a specific, explicitly defined and lawful purpose, that data subjects be made aware of the collection, and that appropriate security safeguards be in place to prevent loss, misuse or unauthorised access.

Practical steps to consider now

Even before the code is finalised, sectional title complexes should review what visitor information is collected, why it is collected, who has access to it, how long it is retained, and whether existing notices and policies properly explain the processing. 

Contracts with security companies and technology providers should also be reviewed to ensure that roles, responsibilities, and safeguards are clearly defined. If biometrics, licence disc scanning, facial recognition or extensive CCTV monitoring are used, trustees and managing agents should be particularly careful to assess whether these measures are truly necessary, proportionate and properly governed. Early review and adjustment will place schemes in a stronger position if the draft code is finalised in substantially similar form.

Conclusion 

The draft code makes it clear that access control at gated sectional title complexes cannot be treated as a purely operational issue. Where personal information is collected for security purposes, bodies corporate, trustees, managing agents, and service providers must ensure that the processing is lawful, proportionate, and properly governed in accordance with POPIA. Although the code is still subject to finalisation, it provides a valuable opportunity for schemes to review their current practices and strengthen compliance before stricter sector-specific standards take effect.

 

Written by Janet Mc Intosh, Attorney: Civil and Commercial Litigation, SchoemanLaw Inc 

EMAIL THIS ARTICLE      SAVE THIS ARTICLE      ARTICLE ENQUIRY      FEEDBACK

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here


About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options

Email Registration Success

Thank you, you have successfully subscribed to one or more of Creamer Media’s email newsletters. You should start receiving the email newsletters in due course.

Our email newsletters may land in your junk or spam folder. To prevent this, kindly add newsletters@creamermedia.co.za to your address book or safe sender list. If you experience any issues with the receipt of our email newsletters, please email subscriptions@creamermedia.co.za