Welcome to Miltons Matsemela - The Conveyancers
17 Nov 2020

What does the law say about running an AirBnB in Cape Town?

You own a flat or a house in Cape Town, and want to rent it out as an AirBnB. May you, or do you need Council’s permission, depending on the zoning?

With special thanks ELCO PROP Town Planners for their input, here is the answer:

Changes to the Cape Town Municipal By Law Act at the start of the year introduced a new definition, namely that of “transient guests”.

Many people think that an AirBnB is similar to a guest house, hotel, or bed and breakfast, and then look for answers in the various zoning categories available in the aforesaid By Law, when in fact, it is neither of these. If truth be told, it is alot simpler than you might think.

Allow me to introduce the concept of a “transient guest”. This is defined as “a person who is provided temporary accommodation on a land unit that is not their permanent place of residence, for a continuous period not exceeding 30 consecutive days at a time”.

This is your typical AirBnB guest. So where may this sort of guest reside, without you getting in trouble with the authorities?

The answer lies within the definition of a dwelling unit, which is now defined as “a self-contained, interleading group of rooms, with not more than one kitchen, used for the living accommodation and housing of one family or a maximum of 5 transient guests, together with such outbuildings as are ordinarily used therewith, but does not include domestic staff quarters, or tourist accommodation or accommodation used as part of a hotel”.

Given the above, any dwelling – be it a flat or a house – may be used for a maximum number of five AirBnB guests not staying more than 30 days at a time.

Zoning is irrelevant. The concept of AirBnB is covered by “transient guests”, and has nothing to do with guest houses, bed n breakfast, or hotels. Whether your property is thus zoned as Single Residential 1 or 2, or General Residential 1 or 2, is irrelevant.

So basically, ALL dwellings are allowed to be used as AirBnB now, under this By Law.

That said – WARNING!

It is important to note that one might still require permission from a Body Corporate if the Conduct Rules of a Sectional Scheme require this, or it may be forbidden in such rules, or by the Constitution, of an HOA, should the property be governed by one.

In addition, some insurers of residential Sectional Schemes consider AirBnB enterprises as commercial enterprises, and if they find out that units were being AirBnB’d, they may be entitled to refuse any insurance claims!

AirBnB’s may also add significant risk to security measures in a complex, with new people coming and going, and remotes being handed out left and right.

So please do your homework before you AirBnB your dwelling, or decide to market or buy an investment property with that intention. The mere fact that the By Law has now declared this as “open season”, is not the end of the matter.

Robert Krautkramer

Miltons Matsemela Inc.

12 Nov 2020

The Protection of Personal Information Act (POPIA)

A Practical 4-Step Action Plan for your Business

“By failing to prepare you are preparing to fail” (Benjamin Franklin)

The media is still awash with warnings about the dangers of not complying with POPIA. The risks of non-compliance are indeed substantial but whilst much is made of the fact that the Act itself is now in force, references to the one-year grace period for compliance expiring on 30 June 2021 appear only in the fine print (if at all).

But – and this is a big but – there are major benefits to understanding POPIA and starting the compliance process long before it becomes compulsory. The penalties for getting it wrong are sizeable, “preparation makes perfect”, you are giving yourself lots of time to get it right, and for many businesses there is also good marketing potential in being able to tell your customers and clients that you are already addressing the situation.

Four practical steps to start with…

Before we start on your action plan, get to grips with the fact that you will almost certainly have to comply fully with POPIA. As soon as you in any way “process” (collect, use, manage, store, share, destroy and the like) any personal information relating to a “data subject” (customers, members, employees etc etc), you are a “responsible party”. Very few businesses will fall outside that net. Equally you are unlikely to fall under exemptions like that applying to information processed “in the course of a purely personal or household activity”. Get going with these steps –

  1. Assess what personal information you hold, how you hold it, and why: Figure out what personal information you currently hold, how you hold it, and why you hold it. To collect and “process” such information lawfully you need to be able to show that you are acting lawfully, reasonably in a manner that doesn’t infringe the data subject’s privacy, and safely. You must show that “given the purpose for which it is processed, it is adequate, relevant and not excessive”, data can only be collected for a specific purpose related to your business activities, and can only be retained so long as you legitimately need to or are allowed to keep it. There’s a lot more detail in POPIA, but you get the picture – you cannot collect or hold personal information without good and lawful cause.
  2. Check security measures, know what to do about breaches: You must “secure the integrity and confidentiality of personal information in [your] possession or under [your] control by taking appropriate, reasonable technical and organisational measures to prevent … loss of, damage to or unauthorised destruction of personal information … and unlawful access to or processing of personal information.” You are going to have big problems if there is any form of breach from a risk that is “reasonably foreseeable” unless you can prove that you took steps to “establish and maintain appropriate safeguards” against those risks. Bear in mind that whilst cyber-attacks tend to get the most media time, there are also other risks out there – brainstorm with your team all possible vulnerabilities and patch them. Any actual or suspected breaches (called “security compromises” in POPIA) must be reported “as soon as reasonably possible” to both the Information Regulator and the data subject/s involved. If third parties (”operators”) hold or process any personal information for you, they must act with your authority, treat the information as confidential, and have in place all the above security measures.
  3. Check if you do any direct marketing: Most businesses don’t think of themselves as doing any “direct marketing”, but the definition is wide and includes “any approach” to a data subject “for the direct or indirect purpose of … promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject…”. So, for example, just emailing or WhatsApping your customers about a new product or a special offer will put you firmly into that net.If your approach is by means of “any form of electronic communication, including automatic calling machines, facsimile machines, SMSs or e-mail”, you must observe strict limits. Whilst you can as a general proposition market existing customers in respect of “similar products or services” (there are limits and recipients must be able to “opt-out” at any stage), potential new customers can only be marketed with their consent, i.e. on an “opt-in” basis.
  4. Get a start on procedures and training: Identify an “Information Officer” who will take on all compliance duties, establish procedures, and train your team in implementing them. Cover how you will collect the data, process it, store it, for how long, for what purpose/s and so on. What consent forms do you need and when/how are they to be completed and stored?You are much less likely to have a POPIA problem if everyone in your business (and most importantly you!) understands what your procedures are and implements them as a matter of course. Make sure that no functions “fall between two stools” – assign individual compliance tasks to named staff members and make sure everyone understands who is to do what.

This is a complex topic and there is no substitute for tailored professional advice. What is set out above is of necessity no more than a simplified summary of a few highlights.

This article was published recently by LawDotNews. We credit the original author.

© 2023 Miltons Matsemela. All rights reserved.

Site by Yeabla Digital.