This morning (22nd June 2020) the Presidency announced dates for compliance to POPIA. The dates are as follows:
Sections 2 to 38; sections 55 to 109; section 111; and section 114 (1), (2) and (3) shall commence on 1 July 2020.
Sections 110 and 114(4) shall commence on 30 June 2021.
What does this mean:
Applicable immediately: 1 July 2020:
Sections 2 to 38; sections 55 to 109; section 111; and section 114 (1), (2) and (3).
The sections which will commence on 1 July 2020 are essential parts of the Act and comprise sections which pertain to, amongst others, the conditions for the lawful processing of personal information; the regulation of the processing of special personal information; Codes of Conduct issued by the Information Regulator; procedures for dealing with complaints; provisions regulating direct marketing by means of unsolicited electronic communication, and general enforcement of the Act.
This is the main body of the Act, and although Section 114 (1) (see below) gives a year, in principle, the time to act is now, and all organisations need to become compliant as soon as possible.
Applicable from 30 June 2021
Sections 110 and 114(4) shall commence on 30 June 2021.
Section 114(1) is of particular importance as it states that all forms of processing of personal information must, within one year after the commencement of the section, be made to conform to the Act. This means that entities (both in the form of private and public bodies) will have to ensure compliance with the Act by 1 July 2021. However, it stands to reason that private and public bodies should attempt to comply with the provisions of the Act as soon as possible in order to give effect to the rights of individuals.
The full press release can be viewed at: http://www.thepresidency.gov.za/press-statements/commencement-certain-sections-protection-personal-information-act%2C-2013
The Information Regulator published the "Regulations relating to the Protection of Personal Information" in the Government Gazette on 14th December 2018 42110, RG 10897, GoN 1383 (just when we were all going off on holiday.)
Regardless of the timing, in terms of Section 114 (1) of the Act, "All processing of personal information must within one year after the commencement of this section be made to conform to this Act". In the absence of any further statements or notifications from the Regulator, we must assume that this means we will need to comply by the end of 2019.
I have attached a copy of the Regulations, which can also be downloaded from POPIA Regulations or from:
http://www.justice.gov.za/inforeg/docs.html
The pressure is now on. Contact me at This email address is being protected from spambots. You need JavaScript enabled to view it. to see how we can assist you in fast-tracking your POPIA compliance.
Compliance to the Protection of Personal Information Act (POPIA), also known as the POPI Act, will be mandatory for most organisations in South Africa. As the Information Regulator develops the POPI Regulations further, so the dates and requirments will become clearer. See the latest status from the Information Regulator. This doesn't mean that organisations should wait until then. The European Union has developed the General Data Protection Regulations (GDPR) and are in the process of implementation. The Information Regulator is likely to follow similar principles and regulations. Until the POPI Act and Regulations are fully in place, following the GDPR will get you moving in the right direction.
Whilst the focus of the POPI Act is on compliance, our approach is to implement compliance in such a way that it delivers business value, so that it doesn't become a cost centre, or overhead, but rather allows for improvements in efficiencies and effectiveness, done in such a way as to meet the compliance requirements.
The site contains useful guidance and implementation tools to equip you to be POPI Act compliant. It will evolve over time as the Regulations are published. It will contain information about:
This site is proudly sponsored by COR Concepts, an Information Management company.
If you need any further information regarding the POPI Act, and simple steps to compliance, sign-up to our e-mail newsletter.
The information published on this website is provided for general purposes only and does not constitute legal advice. We make every effort to ensure that the content is up to date and accurate. Please consult with a lawyer for legal advice. During our implementation we can engage with privacy lawyers on your behalf. We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages.
Join our mailing list to keep up to date with latest POPIA developments.