The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the EU GDPR.
It sets some conditions for responsible parties to lawfully process the personal information of data subjects. The act sets the minimum standards for the protection of personal information and regulates the “processing” of personal information.
The term “processing” is defined to include collecting, receiving, recording, organizing, retrieving, using, disseminating, distributing or making such personal information available. Since there are very few exceptions to who is subject to the law, it is safe to assume if you process data in Southern Africa, then you are obligated to comply with the Protection of Personal Information Act.