The recent judgment in Zulu Nyala Game Ranch (Pty) Ltd v Beukes marks a significant development in South African privacy and employment law. What began as a commercial dispute between an employer and a former employee ultimately clarified the reach of Section 20 of the Protection of Personal Information Act (POPIA) within employment relationships. The case confirms that individuals who access personal information in the course of employment carry enduring statutory duties, which do not fall away once the employment relationship ends.

Background

Zulu Nyala Game Ranch (Pty) Ltd  operates a wildlife and cultural tourism business, offering safaris, excursions and accommodation to local and international guests. Christiaan Beukes, (the first respondent) was employed as a ranger, and a material component of his role involved marketing excursions and game drives to Zulu Nyala’s guests. In that capacity, he was entrusted with access to Zulu Nyala’s client database, including names, contact details, booking records, and detailed guest preferences.

During the subsistence of his employment, Beukes began marketing and selling excursions offered by Custom Trails (Pty) Ltd,(the second respondent) -  a company registered in his wife’s name and providing materially identical services in the same market. He was subsequently dismissed. Following termination, Custom Trails secured operating licences for safari vehicles and guest accommodation in nearby game reserves, placing it in direct competition with Zulu Nyala.

Zulu Nyala alleged that Beukes unlawfully used its confidential client information—obtained solely by virtue of his employment—to solicit clients and secure an unfair competitive advantage for Custom Trails, in breach of his post-employment contractual confidentiality obligations and his statutory duties under section 20 of the Protection of Personal Information Act 4 of 2013 ("POPIA").

On this basis, Zulu Nyala instituted urgent proceedings in the High Court, seeking final interdictory relief restraining Beukes and Custom Trails from using, disclosing, or exploiting its client information, and from contacting or soliciting its clients.

The Legal Issue Before the Court

The Court had to determine:

1. Whether Zulu Nyala’s client information constituted both "personal information" for purposes of POPIA and confidential commercial information at common law.

2. Whether Beukes’s post‑employment use, retention and disclosure of that information breached his contractual confidentiality obligations and section 20 of POPIA.

3. Whether the requirements for final interdictory relief were satisfied, justifying an order restraining Beukes and Custom Trails from using or exploiting the client information, including by contacting or soliciting Zulu Nyala’s clients

   
   

The Court’s Reasoning – Key Elements

• Client information is both personal and confidential: Zulu Nyala’s client data constitutes “personal information” under POPIA and confidential commercial information at common law.

• Section 20 of POPIA applies to employees: Employees processing client data are bound by section 20, requiring authorised use and confidentiality.

• Breach of obligations: Beukes’s unauthorised use and disclosure of client data for a competitor violated both his contractual confidentiality duties and statutory obligations under POPIA.

Critically, the Court accepted that these statutory duties do not fall away upon termination of employment where the former employee continues to possess or use information obtained during employment.

The grant of final interdictory relief

On the facts, the Court was satisfied that Zulu Nyala had established:

• a clear right in the confidentiality and POPIA-protected client information;

• an ongoing infringement through its unauthorised use by a competitor; and

• the absence of an adequate alternative remedy.

Final interdictory relief was accordingly granted, restraining Beukes and Custom Trails from using, disclosing, or otherwise exploiting Zulu Nyala’s client information, including from contacting or soliciting its clients.

Notably, the judgment does not determine questions of vicarious liability or the allocation of liability between employer and employee for section 20 breaches—issues that are likely to arise in future litigation.

Practical implications

Red flags requiring immediate review:

• Employment contracts treating confidentiality as purely contractual, without reference to POPIA or section 20;

• Unrestricted employee access to client databases without role-based controls or audit trails;

• Off-boarding processes lacking formal undertakings on personal information retention or data retrieval;

• Training that frames POPIA as an organisational obligation rather than a personal statutory duty.

  
  

For employers: 

• Ensure confidentiality clauses and POPIA policies explicitly survive termination. Implement role-based access controls, immediate system revocation on exit, and mandatory return of all client data.

For employees: 

• Access to client information is granted solely for performance of authorised duties and may not be retained or exploited post-employment. Unauthorised use attracts urgent interdictory relief and potential damages claims.

Conclusion

In a data-driven economy, fostering a culture of trust through transparent policies reduces misuse risks. Forward-thinking organisations use compliance audits to assess access controls, contractual alignment, and risk indicators, alongside privacy impact assessments for systemic issues such as leadership commitment and training efficacy.

The Annual Employment Conference #AEC2026 brings together South Africa’s leading labour, HR, and employment-relations experts for a deep dive into the most urgent challenges facing employers in a changing world of work.

2026's conference promises to unpack the economic, technological, and legislative forces reshaping the workplace, offering practical insights on navigating organisational change, managing workforce risks, strengthening compliance, and preparing for the next wave of policy reform. Delegates will gain forward-looking guidance from top practitioners, case-based analysis of emerging employment trends, and strategic tools to build resilient, future-ready workplaces. Register now: https://www.globalbusiness.co.za/gbs-event-details/annual-employment-conference-2026

View our upcoming events: Upcoming Events and Qualifications, like Annual Employment Conference 2026 (#AEC2026), Master Employment Equity in 2026, COID Amendment Update, How to conduct a Disciplinary Enquiry, Higher Occupational Certificate: HRM Administrator NQF5, and Advanced Occupational Certificate: HRM Officer (NQF 6).

*All workshops are offered as customised in-house training that can be presented virtually or on-site.