Indemnities – insert #10: Indemnities & the general data protection regulation (GDPR) (part 2) – liability for breach

Photo by Gabrielle Henderson on Unsplash


Indemnities – insert #10: Indemnities & the general data protection regulation (GDPR) (part 2) – liability for breach


Let's briefly revisit the aims of the GDPR which, whilst aligned with POPIA, is worth considering in more detail:

  • Assess security and privacy risks by means of a data protection impact assessmente. identify when processing may result in risks to data - what is required is a 'systematic and extensive evaluation of the organisation's processes and what safeguards it has' – this is an essential and ongoing exercise that every business should carry out & document the outcome on a regular basis      
  • The assessment should addressthe origin, nature, likelihood and severity of such risks and existing remedies
  • Business must show that it has implemented strategiesnot only to identify and pre-empt risk but also to manage and mitigate same.
  • Preventative measurescan include encryption and controlling privileges of users - ideally it should be impossible to tamper with and/or destroy data (See POPIA section 19)
  • Regular auditsof data must be carried out and monitoring must of be of such a nature as to detect breaches as early as possible            
  • It is imperative that security applies to the entire life cycleof data
  • Incident responsemust be swift as it will impact on customers, brand & share value : engage lawyers, PR, insurance and the authorities


The IBM report suggests that you look at the half full rather than the half empty glass and 'Go Beyond Compliance':

  • Cost benefitapproach: in depth analysis of data processed and stored - if possible discard data that does not add value
  • Make privacy part of corporate culture- it may well be a good idea to incorporate it in your corporate social responsibility policy, both from an ethical and moral perspective
  • 'Leverage privacy to drive superior customer experience'- doing so may give you a competitive advantage, promote transparency, trust and brand resilience.                 


The GDPR makes it quite clear that non-compliance can result not only in penalties (as mentioned in my previous article and these are substantially more severe than those imposed by POPIA) but also claims for damages by the affected parties! 


It should be borne in mind that the GDPR only applies to you if and when you market goods and services to EU subjects or a non-subject resident in the EU, i.e. it does not apply to EU citizens and residents living or holidaying outside the EU but the location of the service or product provider is irrelevant.


Whilst you may have an indemnity form to be signed, signage and/or a disclaimer clause in your T&C, compliance with the GDPR cannot be limited or waived. Thus you liability for administrative fines for a breach of the GDPR is not-negotiable.  


The next question is now what about the data subject whose GDPR rights have been infringed and who wants to lodge a damages claim - can you apply your indemnity and disclaimer?      


At the outset this aspect must be linked to your relationship with third party suppliers: not only should there be a reciprocal POPIA and GDPR indemnity and waiver in your favour but, as illustrated in my recent POPIA article in this regard (October 09 2023 via SATSA: INSERT #19 – ‘USE OF OPERATORS & RELATED SECURITY’), POPI requires of you to have an adequate formal POPI compliant contract with such suppliers!   


The claim for damages will be linked to non-compliance with the obligations specified by the GDPR. By definition there must be a causal link between such non-compliance and the damage.


The GDPR creates join liability of the parties linked to the non-compliance i.e. the liability of the principal (Responsible person/Controller) and sub-contractor/third party supplier (Operator/Processor) is joint (Article 82(4)).


It is crucial to note that data breach affecting a data subject may also entail monetary negative consequences for a third person whose data were not directly processed (Article 82(1)).  


There are two types of damages - Material damages are any out of pocket loss caused by a violation of the GDPR such as secondary harm (e.g. the loss of a job) whereas non-material damages are the emotional damage caused by the illegal processing of personal data itself.


Article 82(3) GDPR introduces a further prerequisite i.e. ‘responsibility’ for the claim for damages like intent and negligence. Article 82(3) GDPR also contains a reversal of the burden of proof with regard to ’responsibility’ i.e. responsibility is presumed.


The good news is that The Court of Justice of the European Union ('CJEU') laid to rest the notion that liability for GDPR administrative fines damages is strict and found that it must be proved that the controller was at fault i.e. acted intentionally or negligently, in committing the alleged breach of the GDPR (The Court of Justice of the European Union ('CJEU') issued, on 4 May 2023, its judgment in National Public Health Centre under the Ministry of Health v State Data Protection Inspectorate ('VDAI') (C‑683/21))


Aspects of the above is with acknowledgement of the discussion in




FEBRUARY 23 2024

DISCLAIMER - Each case depends on its own facts & merits - the above does not constitute advice - independent advice should be obtained in all instances

LOUIS’ LEGAL ADVICE CLUB (‘LAC’) – obtaining legal advice & guidance can be quite costly (See below*) hence my LAC via which you can obtain an hour’s legal advice for R500, 00 per month once you’ve joined AND the fee for additional hours is R1850 per hour! Furthermore you are dealing with a lawyer who has been in tourism since 1982!        

* The AVERAGE hourly rate is R2700 (


Indemnities – insert #9: Indemnities & the general data protection regulation ('gdpr') (part 1) - introduction

What you may not know is that an enquiry about the GDPR precipitated this series of articles! However rather than dealing with the GDPR first thing I considered it more constructive to analyse indemnities comprehensively as I’ve done.      

Before you carry on reading and reach out for a cup of coffee (or something stronger!) to clarify the confusion and complexity, let's make one or two things quite clear:


  • The GDPR is the first comprehensive review of privacy legislation in the European Union (‘EU’) for 20 years  - it supersedes the EU Data Protection Directive 1995
  • It must be borne in mind that the UK has its own GDPR (post Brexit) – by and large it is a ‘mirror image’of the EU GDPR    
  • The GDPR has in fact been around for 2 yearse. it came into effect May 24 2016
  • It applies to all entities (Processors & Controllers) ‘established’ in the EU or  wherever they are in the worldthat provide goods and services to any consumer (Data Subject) who is a EU subject or a non-EU citizen that resides in any of the EU member states
  • Given the more pervasive nature of the GDPR, it is recommended that it be used as a standard rather than POPIA (see 'aims'below)
  • You may see references to 'Privacy Shield'(formerly 'Safe Harbor') - this only applies to data exchanges between the EC and the USA           

 So as an opener and to ease your mind let's look at some of the key similarities and then some of the key differences between the GDPR and POPIA, the South African privacy act:   

SIMILARITIES (with minor nuances)               

  • 'Data Subject'is described more broadly e.g. a person who can be identified by an 'identifier' such as user name or web cookie - this appears in POPIA where it refers to 'personal information' as including such an 'online identifier' (Read with definition of 'unique identifier')
  • 'Personal Information'is called 'Personal Data'
  • The POPIA 'Responsible Person'(one who 'determines the purpose of processing') is called a 'Controller'
  • The aforesaid role is extended to a so called 'Processor' e. an entity/person that processes personal data on behalf of the controller e.g. a developer or analyst, referred to in POPIA as an 'Operator'
  • The POPIA 'Information Officer'is called a 'Data Protection Officer' BUT the definition stipulates that such a person must have 'an extensive knowledge of data privacy laws and standards'
  • As with POPIA 'consent'is not required in the case of a 'lawful basis' (Section 11 (1) (c) & (e)) or 'legitimate interest' (Section 11 (1) (d) & (f)
  • It is not stated in POPIA but as you may know from my previous articles, I am of the view that the POPIA Information Officer (GDPR 'Data Protection Officer'*) can be an external or internal appointment - the following aspects of the GDPR may be a useful guideline for an internal appointment: ensure there is no conflict of interest e.g. a financial director as opposed to the IT director or manager. Additional guidelines appear in the definition* i.e. legal, security or accounting background and knowledge of privacy.                    



  • 'Data Subject'does NOT include legal entities (juristic persons) e.g. companies - only natural persons can rely on the protection of GDPR
  • The fines are materially highere. the greater of 4% of the entity's global annual revenue or €20 million - compare with the POPIA R10 million. However during the period 2016/'17 of the 17300 cases investigated in the EU, only 16 fines were imposed and the highest was £500 000, 00 and this was because the breach impacted 3 million people!   
  • The Data Protection Officer is only required for public authorities – However this obligation also applies to private businessif one of the following applies to it i.e. one of its core, primary activities is e.g. processing personal data to fulfil key goals such as profiling and tracking for behavioural advertising
  • So called 'smaller firms'e. less than 250 employees do not have to comply with certain GDPR requirements (See list in GDPR) but they must keep a record of processing if there is 'a risk to the rights and freedoms of the Data Subject
  • Data breachesmust be conveyed to the authorities and affected consumer within 72 hours - POPIA states '.. as soon as reasonably possible... ' (Section 22 (2))  




January 05 2024

DISCLAIMER - Each case depends on its own facts & merits - the above does not constitute advice - independent advice should be obtained in all instances



Indemnities – insert #8

The role of contractual issues, public policy, delict and the duty of care (part 2)

I am sure when you read all my articles to date you may be a bit confused – you may even say ‘That’s putting it mildly’!

I am the 1st to acknowledge the latter so let me give you a brief snapshot of the evolution of some of the key issues from the last insert before I address the duty of care (‘DOC’) which is a common law principle to be applied in conjunction with the CPA and case law.



An indemnity is a contract (pactum) between the service/product provider and the client/consumer in terms of which the client undertakes not to sue the provider.

The default principle is known as ‘pacta sunt servanda’ (‘PSS’) i.e. contracts entered into must be upheld


The common law (delict/tort) concept of voluntary acceptance of risk (‘VAR’) goes hand-in-hand with PSS and is a further default principle i.e. if you have voluntarily accepted the risk, you cannot claim for adverse consequences such as injury of death (Volenti non fit injuria)     


Certain requirements must be met before PSS and VAR will be upheld – in essence these include inter alia: plain language – the signing of the indemnity & participation in the activity in question must be voluntary – the participant must be fully informed of all the material facts& risks (failing which there can be no consensus, a requirement for a binding contract) – unfairness and harshness of the wording does not automatically mean the indemnity will not be upheld – good faith – reciprocal rights and obligations


The latter brings into the equation the DOC issue mentioned above. A careful reading of the Naidoo v Birchwood Hotel case highlights this aspect – see below:      

  • ‘......... the gate should have been subject to regular inspections and maintenance, inter alia to avoid undue hazards’    
  • ‘..... regular checks to ensure that every gate on the hotel premises is well maintained and functioning properly at all times’
  • ‘Erwee in his report on ‘precautionary measures’ made after the incident, recommended that the heavy gate be replaced with a new lighter gate that should run on gate motors to ensure that it would always be on the track and that no person would have to pull or push the gate.  This, he concluded, would make certain that if the gate did fall, no person would be injured.  The report is itself an admission that reasonable steps could have been taken to avert the harm’


Likewise in the case of Duffield v Lilyfontein School (a zip line accident) the court referred to the DOC and held for the injured party i.e. even if an indemnity has been signed, the party indemnified should do all things reasonably necessary to ensure that stringent safety measures are put in place.   


What is the DOC?

  • It is the duty owed by one person (Legal or natural) to another
  • Liability may arise if & when the DOC is breached
  • The breach can be of the contract or statute giving rise to the DOC or the common law


It should be borne in mind that even if the DOC is owed, if the breach thereof does not amount to gross negligence, then the indemnity should be upheld. 


So when does the principle of public policy come into consideration? It underscores the above PSS principle i.e. freedom and indignity including the right to freely and voluntarily conclude a contract which must thus be upheld and secondly that all persons have a right to seek judicial redress – this inter alia was discussed in detail in the case of Cooper v Shamwari Game Reserve (‘the Shamwari case’) – before I embark on an analysis thereof, let’s take a 2nd snapshot of what the courts have said so far about public policy to give you some context: 


  • Beadica v Oregon Trust – the degree to which enforcing the indemnity is ’unfair, unreasonable or unjust’will determine the role of public policy
  • Brisley v Drotsky– the court will address fairness, unreasonableness and good faith only in ‘exceptional cases’
  • Botha and Another v Rich- the Constitutional Court stated that fairness, unreasonableness and good faith can be considered but in the context of the circumstances
  • Barkhuizen v Napier – the court stated that they will only consider the circumstances if the clause is unreasonable and contrary to public policy 
  • Mohammed v Southern Sun – the court indicated that before it address the public policy issue, they would assess the objective terms of the indemnity in the circumstances in order to determine whether or not it was clearly unreasonable or unfair as to be contrary to public policy i.e. ’The fact that a term in a contract is unfair or may operate harshly does not by itself lead to the conclusion that it offends the values of the Constitution or is against public policy’


Against the backdrop of the above where it seems the circumstances play a key role, let’s have a look at the case of Cooper v Shamwari Game Reserve (‘SGR’), in my view an erudite assessment of the CPA, public policy and the above cases:

  • The client (Cooper) visited where she signed an indemnity upon arrival but during her stay she stippled and fell into the pool en route to dinner
  • Cooper’s case was based inter alia on breach of duty of care, lighting of pool, the pool not being cordoned off, the CPA and public policy 
  • SGR argued they had met duty of care, Cooper was aware of the pool which was well lit, she must’ve been mindful of the area, did not keep a proper lookout and Cooper indemnified SGR      
  • The court referred in the 1stinstance to the case of Durban’s Water Wonderland (Pty) Ltd v Botha which stated that if an indemnity is worded in ‘express and unambiguous terms’, it must be upheld – it was of the view that the SGR indemnity passed this test
  • The court also followed the guidelines of the Barkhuizen & Beadica cases discussed above
  • Cooper relied on the CPA section 48 (Terms must be fair, reasonable and just and it is not of excessively one-sided); sections 49 & (Certain risks must be brought to the attention of the consumer as early as possible & consumer must acknowledge via assent, signing or initialling it)(Note LOUIS: see my earlier inserts # 5 & 6 for in depth discussion)
  • The court expressed the view that Cooper’s public policy argument clearly entailed aspects of the CPA e.g. unequal bargaining power and curtailing her right to legal redress.
  • Cooper’s contended that limiting access to the court, breaches regulation 44 (3) of the CPA (section 48) – this regulation provides a detailed list of ‘contract terms which are presumed not to be fair and reasonable’such as
    1. excluding or limiting the liability of the supplier for death or personal injury caused to the consumer through an act or omission of that supplier subject tosection 61 (1) of the Act;
    2. excluding or restricting the legal rights or remedies of the consumer against the supplier or another party
  • However the court, based on the following extract from regulation 44‘The list in sub-regulation (3) is indicative only, so that a term listed therein may be fair in view of the particular circumstances of the case’ found that the reference does to mean the indemnity is contrary to public policy and therefore ruled against Cooper. (Note Louis: see ‘circumstances’)


It would appear that (1) the reference to DOC seems to ‘elevate’ the negligence in question into the ‘gross’ category which cannot be excluded in an indemnity in terms of the CPA (Section 51) and (2) reference to the circumstances in each case seems to ameliorate the public policy issue when juxtaposing PSS with the preclusion of right to legal redress.                




November 14 2023


Indemnities – insert #7

The role of contractual issues, public policy, delict and the duty of care (part 1)

I drew attention in my previous insert to the importance and wording of section 48 – I believe that although public policy is not mentioned in so many words, the following extract raises the spectre thereof i.e. ‘excessively one-sided’ and ‘so adverse to the consumer as to be inequitable’.


Section 51 can be regarded as alluding thereto as well i.e. an agreement (thus an indemnity) must not ‘defeat the purposes and policy of this Act’.


Contractual Issues

It should be borne in mind that an indemnity is a contract and all the requirements for a valid, binding contract should be applied when interpreting it i.e. consensus, certainty, offer and acceptance, possibility, legality, capacity and formalities. These aspects include elements (which have now been emphasised by the CPA) such as plain language


If these requirements are met, then based on the principle of pacta sunt servanda i.e. agreements entered into freely must be upheld for legal certainty even of the outcome is onerous for one party, will apply to the indemnity (being a pacta). It was expressed as follows in the case of Beadica 231 CC (Constitutional Court) and Others v Trustees for the time being of the Oregon Trust and Others [2020] ZACC 13’ i.e. provided an agreement was in “simple, uncomplicated language, which an ordinary person could reasonably be expected to understand”, it should be enforced.  Likewise in the case of Mohamed's Leisure Holdings (Pty) Ltd v Southern Sun Hotel Interests [2017] ZASCA 176 (1 December 2017) the court stated that: “The fact that a term in a contract is unfair or may operate harshly does not by itself lead to the conclusion that it offends the values of the Constitution or is against public policy” and it upheld the pacta sunt servanda principle.


However certain factors may render a contract voidable (i.e. it can be set aside) such as undue influence, a material fact not being disclosed such as undue hazards (Duffield v Lilyfontein School) and the courts will consider fairness, reasonableness and good faith but only in exceptional cases (Brisley v Drotsky 2002 4 (SA) 1 (SCA) (More about this later).        

A tacit term or implied term was described in the leading case in this regard i.e. by Corbett AJA in Alfred McAlpine & Son (Pty) Limited v Tvl Provincial Administration 1974 3 SA 506 (A) 531-532 as:
“ unexpressed provision of the contract which derives from the common intention of the parties, as inferred by the Court from the express terms of the contract and the surrounding circumstances.”


It has also been referred to in the case of Petra Kruger v Wawiel Park (Freestate High Court 2022) as ‘quasi-mutual assent’ – this case dealt with signage at the entrance and the opportunity of visitors to read same when they only had ‘a split second’ to read it (Discussed in more detail below).    


This is relevant to the adventure tourism industry in particular and tourism in general as many indemnities are either in the booking form (whether hard copy or electronic) in detail or referred to and likewise ‘Own Risk’ signage and finally the (usually very brief) indemnity signed by the parties upon embarking on a walk or game drive by vehicle. What is implied or tacit may depend on the prior knowledge and/or experience of the customer and/or the extent to which it has been elaborated upon in the briefing as well as the practice in the industry in question.


Public Policy, the Constitution & the CPA

Let’s consider the evolution of this concept as it has been addressed, applied and developed by our courts.

Barkhuizen v Napier 2007 (7) BCLR 691 (CC) is the leading case in this regard. It addressed the role of good faith and ubuntu (e.g. essential human virtues, compassion and humanity) and introduced a two step process for determining fairness: the 1st question is whether the clause in question is unreasonable and contrary to public policy – if the answer to that is ‘Yes’ that is the end of the enquiry and the clause will be deemed to be unenforceable. If the answer is ‘No’ a 2nd question must be asked i.e. should the clause be enforced considering the circumstances of the case.


Barkhuizen was followed in the case of Bredenkamp v Standard Bank of SA [2010] 4 All SA 113 (SCA) but it held inter alia that the Barkhuizen case

  • Cannot be interpreted to entail that all contractual provisions have to be “reasonable”;
  • Is not authority for the proposition that fairness is a core value of the Bill of Rights and that it is therefore a broad requirement of our law general;
  • Is not authority for the proposition that the enforcement of a valid contractual term must be fair and reasonable even if no public-policy consideration found in the Constitution or elsewhere was implicated


Naidoo v Birchwood Hotel 2012 6 SA 170 (GSJ) involved a disclaimer signed by Naidoo upon registration at the hotel as well as disclaimer signs on the premises. A heavy gate fell on Naidoo and he sued for injury when it came off its rails. The Court refused to uphold the indemnity and disclaimer notices stating: (1) to do so would not only be unfair and unjust to the plaintiff but also unconstitutional as it would limit his access the judicial remedy; (2) public policy in South Africa includes the notions of fairness, justice and reasonableness and would prevent the enforcement i.e. excluding liability for negligence (Applying the ‘circumstances’ second step as per Barkhuizen)(Note that this aspect included a detailed discussion of the duty of care which I will address in my next insert); (3 The Court could not solely rely on the principle of freedom of contract to override the need to ensure that contracting parties must have access to courts, if they so need.


In the case of Botha and Another v Rich NO and Others [2014] ZACC, the Constitutional Court proposed that to determine whether a clause would be unenforceable as a result of being contrary to the public policy one would have to consider whether the relevant clause was not in good faith or reasonable or fair in the circumstances. It was of the view that to pass this test, it must be mutually beneficial to the contracting parties or must have reciprocating rights and obligations. The latter of course alludes to the duty of care imposed on the indemnified party, a issue I will discuss in my next insert.


In Beadica (see above) the court considered the role of public policy in the context of contract terms being unfair and/or unreasonable and not in good faith. The former will only play a role where the contract falls foul the latter principles.


I look forward to sharing the case of Cooper v Shamwari Game Reserve (2565/2018) [2021] ZAECGHC 52 (13 April 2021) - South Africa: Eastern Cape High Court, Grahamstown with you in my next insert.


Indemnities – insert #6

Compliance with the CPA (Part 3)

I illustrated in the previous insert (The CPA part 2) the importance, timing and content of the customer briefing (Section 49).


Section 49 must not be read in isolation but in conjunction with section 58 which once again stresses the compliance with section 49 and sections 22 regarding the ‘Warning concerning (certain) fact and nature of risks’ regarding ‘any activity or facility’ i.e. a risk ‘of an unusual character or nature’; ‘not reasonably expected’‘that may result in serious injury or death’.


The above warning also applies to ‘adequate instructions for the safe handling and use of goods’ in the event that the goods are ‘hazardous or unsafe’  


The following broad provisions of section 48 not only highlights the value and importance of the briefing but furthermore serves as a point of departure when assessing the wording of your T&C and indemnity i.e. terms pertaining the supply of goods and/or services must not be ‘on terms that are unfair, unreasonable or unjust’.


It is often stated that ‘An indemnity is not worth the paper it is written on’ – however I do not believe that is an accurate assessment or that an indemnity per se is a ‘no-‘no’ i.e. the CPA does not ‘throw the baby out with the bathwater’ – rather it focuses the wording and the manner in which the client is advised and the ad hoc assessment thereof (‘...particular circumstances’). Section 48 gives examples of unacceptable wording i.e. it is the case when the terms of supply are   

  • excessively one-sidedin favour of any person other than the consumer or other person to whom goods or services are to be supplied;
  • so adverse to the consumer as to be inequitable;


Section 48 must be read with the provisions of regulation 45 which provides a List of contract terms which are presumed not to be fair and reasonable’ – it does however qualify the list by stating that it is ‘indicative only’so that a term listed therein ‘may be fair in view of the particular circumstances of the case’.


The list (of 26) includes the following

  • excluding or limiting the liability of the supplier for death or personal injurycaused to the consumer through an act or omission of that supplier subject to section 61 (1) of the Act;
  • excluding or restricting the legal rights or remediesof the consumer against the supplier or another party in the event of total or partial breach by the supplier of any of the obligations provided for in the agreement, including the right of the consumer to set off a debt owed to the supplier against any claim which the consumer may have against the supplier;


I will discuss the role of the duty of care & public policy in my next insert.


Indemnities – insert #5

Compliance with the CPA (Part 2)

The CPA requires that the consumer is adequately and timeously advised in detail of the risks the indemnity endeavours to cover and thus requires the consumer to accept. A mere reference and implied acceptance is not adequate however the innocuous nature of the risk(s) and this insert will highlight the importance of a detailed briefing.         


Let’s start with the following aspects of specifically section 49 ('Notice required .... T&C'):

  • The reasonthis clause requires notification to the customer is stated right at the end thereof i.e. to give the customer an 'adequate opportunity to receive and comprehend' the impact of the notice. It is therefore recommended that this notification takes place as early as possible in the booking process.
  • Timingis specifically addressed i.e. the notification must be the EARLIEST of the following: when customer (1) enters into the transaction; (2) engages in the activity; (3) enters/gains access to the facility; (4) makes payment - thus e.g. no rushed, last minute circulation of an indemnity on a clipboard circulated as a game drive is about to take place!      
  • The mannerin which it must be done is also crucial and this includes (a) 'plain language' (as discussed in my previous insert) and (b) 'conspicuous' and (c) 'likely to attract the attention of an ordinarily alert consumer' - beware hidden signage, small print, etc. AND it is strongly advised that you obtain the customer's signature rather a simple nod of the head as inter alia a misperception may later be raised (which the supplier is bound to resolve - to be read with section 41e. the obligation to  correct an apparent misapprehension on the part of a consumer’and section 58 regarding ‘hazardous goods’ – the latter is not defined in the CPA but it should be considered especially on adventure tourism to include ‘dangerous’, ‘risky’ and ‘unsafe’ (Oxford dictionary).
  • The topicsto be addressed in the customer briefing include:
    • Limitation/acceptance/assumption of risk/liability
    • Indemnities
    • Anything of an 'unusual character or nature' that may be encountered or participated in and which the customer is 'not reasonably expected to be aware of or notice'OR that may result in 'serious injury or death' (Adventure tourism here we come!)


An important change brought about by the CPA pertains to gross negligence i.e. (Section 51 (1)(c)) it is prohibited to: limit or exempt a supplier of goods or services from liability for any loss directly or indirectly attributable to the gross negligence of the supplier or any person acting for or controlled by the supplier’


Note the reference to third parties engaged by the principal – this aspect must be addressed in such contracts/dealings.


Products liability is addressed in section 61- it deals with ‘harm’ arising from one or more of the following: ‘supplying any unsafe goods’; a product failure, defect or hazard in any goods; inadequate instructions or warnings’


‘Harm’ is defined (Section 61 (5)) as (a) the death of, or injury to, any natural person;(b) an illness of any natural person; (c) any loss of, or physical damage to, any property, irrespective of whether it is movable or immovable; and (d) any economic loss that results from harm contemplated in paragraph (a), (b) or (c)’


Take note of the fact that liability is absolute i.e. (Section 61 (1)) ‘irrespective of whether the harm resulted from any negligence’


The body adjudicating the matter is entitled to assess the following aspects of such liability i.e. mitigation and apportionment of liability (Section 61 (6)) so e.g. reckless or negligent behaviour on the part of the user of the equipment may mean that such party did not mitigate the outcome and may in fact have exacerbated it!  


What are the implications of section 61 for the tourism industry? This question merits an article in itself but at least the following should be addressed: back-to-back contracts with suppliers of goods & services; adequate legible instructions on/supplied with equipment; and insurance.            `


I will discuss the enforceability of an indemnity in my next insert.


Indemnities – insert #4

Compliance with the CPA (Part 1)

An indemnity in whatever form must comply with the provisions of the Consumer Protection Act, Act # 68 of 2008 (‘the CPA’). There are a number of aspects of the CPA that are relevant and the following is a synopsis:

The CPA is applicable to ’every transaction with South Africa and promotion and supply or performance of goods & services’   


transaction is ‘an agreement between or among that person and one or more other persons for the supply or potential supply of any goods or services in exchange for consideration’ and an agreement is an ‘arrangement or understanding between or among two or more parties that purports to establish a relationship in law between or among them’ – note that a written document is not a prerequisite and the wide ambit of the duty of care principle must be borne in mind 


The aim of the CPA is described in extensively in section 3 but here are some aspects thereof that are relevant to indemnities:

  • a consumer market that is fair, accessible, efficient, sustainable and responsible for the benefitof consumers
  • reducing and ameliorating any disadvantagesdue to e.g. literacy, age etc resulting in ‘vulnerable consumers’
  • informed consumer choice


The above provides the backdrop against which the CPA requires the use of ‘plain language’ which is defined (Section 22) as inter alia


‘... document or visual representation is intended, with average literacy skills and minimal experience as a consumer of the relevant goods or services, could be expected to understand the content, significance and import of the notice, document or visual representation without undue effort, having regard to—

  1. the context, comprehensiveness and consistency of the notice, document or visual representation;
  2. the organisation, form and style of the notice, document or visual representation;
  3. the vocabulary, usage and sentence structure of the notice, document or visual representation; and
  4. the use of any illustrations, examples, headings or other aids to reading and understanding.


I have provided you with the above introduction not as an academic exercise but to illustrate the basics of the CPA against which backdrop any dispute on which a consumer is involved will be determined. The adjudicating body is also called upon to bear in mind the standing and bargaining power of the parties i.e. ‘capacity, education, experience, sophistication and bargaining position’ (Section 52 (2)


It means that all suppliers must bear all of the above factors and the rest of this article in mind when drafting indemnities and entering into any agreement with a consumer, be it by virtue of a verbal or written document and/or an implied agreement by virtue of e.g. signage.   


I will address in more detail the sections of the CPA that are pertinent to indemnities in my next insert.


Indemnities – insert #3


An indemnity is not limited to the wording of a clause in your terms and conditions (‘T&C’) and/or a separate indemnity document/form e.g. such as used on game drives and adventure tourism – it is extended to and includes suitably worded signage.


Such signage must be used not as a substitute for the above but as supplementary. It can address generic risks including more specifically e.g. slippery floor surfaces, unfenced pools, parking, etc.


It may however in some cases be an ‘interim’ substitute i.e. someone may not have signed an indemnity or seen the T&C but may be exposed to/sign such documents in due course. Until such time your ‘protection’ will be limited to the signage e.g. a person who is not in the party who has booked or by chance enters your premises (e.g. ‘Beware the Dog – Enter at own risk’) and/or joins a game drive at the last minute.   


It is imperative that such signage meet the requirements I have discussed previously, will discuss below and in further articles in this series failing which it may not be binding.


It can be of a ‘composite nature’ and it makes sense to do so by including the POPIA (Protection of Private Information Act) requirements if you are using CCTV at your premises (See my series of 4 articles as published by SATSA June 30 – August 19 2022).  


I will discuss the CPA requirements regarding indemnities in a separate article in this series shortly, so I will not go into detail here save to remind you on the timing of interacting with your visitors about the indemnity as well as the plain language requirement.


Given that upon arrival at the premises, especially if by motorized transport, the visitor will be exposed to the signage momentarily, it is imperative to use the right size lettering and display the key words such a ‘Indemnity and waiver’, and ‘Own risk’ as visibly as possible. I’ve seen signage at certain clubs and buildings that is so complex that not only was it hardly legible but it will take you about 10 minutes to read it! 


Additional wording (as cryptic as possible) should include that the visitor is deemed to have read, agrees to be bound, identity of the parties indemnified, what is included e.g. loss, damage, injury and death and exclusions e.g. indirect or consequential loss or damage.  


My next insert will focus on the role of the CPA 


Indemnities – insert #2

What should be addressed in an indemnity?

As discussed in my 1st insert, this document can called a variety of ‘names’ but given the ambit thereof I would suggest it be referred to as an ‘Indemnity, waiver/release from liability and hold harmless agreement’ (Hereinafter for the sake of simplicity I will refer to it as ‘the indemnity’).   


When you prepare your indemnity, bear in mind the ‘plain language’ provisions of the Consumer Protection Act, Act # 68 of 2008 (‘the CPA’) and in that context it is imperative that ambiguity be avoided – more about that later.


At the outset it should contain a clause stating that the signatory acknowledges the content, has read and agrees to be bound by it. 


There should be a link to your business terms and conditions (‘T&C’).


Clearly state the ambit of the indemnity such as your operations, premises, transport and activities, all of which must be at own risk.


Address the range of risks such as wildlife, unfenced pools and insects. Bear in mind your clients may be foreigners and they may not be familiar with aspects such as the severity of the sun and insects. You may wish to refer to information on your website & in your brochures.   


Address obedience pertaining to instructions emanating from management, game guides, drivers and signage.   


Questions and queries must be welcomed if not invited and a FAQ section on your website is a good idea. 


Signature of the document must be a prerequisite, be it the client, visitor and/or the guardian of minors.


If the party providing the indemnity has any doubts about his/her physical and/or mental condition before participating in any of the activities envisaged in the indemnity, he/she  should consult his/her medical practitioner before signing the document. This should be extended to include medication and physical challenges. 


Given the pervasive nature of the indemnity, participants should be advised to obtain adequate and ideally comprehensive insurance pertaining to all aspects of the indemnity – this can be a clause in the T&C.


Cancellation of activities for any reason and force majeure, should and can be addressed in the T&C.


Medical care administered by the supplier must be included in the release and not amount to admission of liability or waiver of rights on the part of the supplier.

The extent of the indemnity and what is held harmless and indemnified must be clearly addressed and state that all claims are waived.


Law, jurisdiction and domicilium must be specified.


Indemnities – insert #1

What is and why have an indemnity?

An indemnity is on the one hand a safeguard to protect a supplier of goods and/or services from liability that may arise from the provision of such goods or services. It may however address the converse i.e. it can be an undertaking (such as insurance) by one party (the insurer/indemnitor) to reimburse the other (the insured/indemnitee) for liability by means of cash payment, replacement, reinstatement or repair (


Such liability can be one or more or a combination of the following: losses, claims, damage, loss, injury or death and the safeguard can be to exclude or minimize liability as stipulated therein.


It goes by various names such as hold/save harmless agreement, waiver of liability, release of/from liability, or no-fault agreement, release or waiver of liability.‌


Clearly the use of the aforementioned wording in addition to the word ‘indemnity’ illustrates the nature of the document i.e. where the supplier is ‘protected against liability’ as opposed to insurance where the insurance company indemnifies the client i.e. ‘incurs liability’ and undertakes by and large to place the client/insured in a position he/she would have been had it not been for the insured incident      


Once this agreement has been entered into (and appropriately worded), it means the client waives the right to recover/claim from the supplier the stipulated matter(s) which can be as wide as physical loss, injury, harm or death up to & including material loss and damage which may include consequential, financial or economic loss of damage.


Contrary to a common misconception, such exculpation can arise even if the claim is due to the negligence of the supplier. However one aspect has been changed by the CPA: prior to the CPA a supplier could exclude liability for/limit liability to gross negligence, but that is no longer possible/illegal.        


Finally the ‘Why’ – I believe it is clear from the above that it is a crucial component of any business contract, especially in the tourism industry and regardless of the risk aspects involved.   


My next insert will focus in broad terms on the content of the document 




June 24 2023

 DISCLAIMER - Each case depends on its own facts & merits - the above does not constitute advice - independent advice should be obtained in all instances.