Comparing the protection and use of online personal information in South Africa and the United Kingdom in line with data protection requirements

Adéle Da Veiga, Ruthea Vorster, Fudong Li, Nathan Clarke, Steven M. Furnell

Research output: Contribution to journalArticlepeer-review

314 Downloads (Pure)


Purpose: This research investigates the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison with a country that is preparing for compliance.

Design/methodology/approach: An insurance industry multi-case study within the online insurance services environment was conducted. Personal Information (PI) of four newly created consumer profiles was deposited to 10 random insurance organisation websites in each country to evaluate a number of data privacy requirements of the Data Protection Act (DPA) and Protection of Personal Information Act (POPIA).

Findings: The results demonstrate that not all the websites honored the selected opt-out preferences as direct marketing material from the insurance organisations in the sample was sent to both the SA and UK consumer profiles. Forty-two unsolicited third party contacts were received by the SA consumer profiles whereas the UK consumer profiles did not re-ceive any third party direct marketing. It was also found that the minimality principle is not always met by both SA and UK organisations.

Research implications: As a jurisdiction with a heavy stance towards privacy implementation and regulation, it was found that the UK is more compliant than SA in terms of implementation of the evaluated data protection requirements included in the scope of this study, however not fully compliant.

Originality/value: Based upon the results obtained from this research, it suggests that the SA insurance organisations should ensure that the non-compliance aspects relating to direct marketing and sharing data with third parties are addressed. SA insurance companies should learn from the manner in which the UK insurance organisations implement these privacy requirements. Furthermore, the UK insurance organisations should focus on improved compliance for direct marking and the minimality principle. The study indicate the positive role that data protection legislation plays in a county like the UK with a more mature stance toward compliance with data protection legislation.
Original languageEnglish
JournalInformation and Computer Security
Early online date14 Aug 2019
Publication statusEarly online - 14 Aug 2019


  • law
  • privacy
  • security
  • Protection of Personal Information Act
  • DPA
  • Data Protection Act
  • GDPR
  • General Data Protection Regulation
  • Personal information
  • consumer
  • direct marketing
  • opt-in
  • opt-out
  • compliance
  • legal


Dive into the research topics of 'Comparing the protection and use of online personal information in South Africa and the United Kingdom in line with data protection requirements'. Together they form a unique fingerprint.

Cite this