The draft regulations to the Protection of Personal Infomation Act (POPIA) have been published for public comment. Deadline for comments is 07 Nov 2017. Links to the Government Gazette notification with the draft regulations are below:
GG 41105, GoN 709, 08 Sep 2017 - Protection of Personal Information Act, 2013 (Act. 4 of 2013): Invitation to comment on Draft Regulations relating to the Protection of Personal Information.
Draft POPIA Regulations
Some immediate observations from the draft document follow.
The regulations include the following sections:
- Definitions
- Manner of objection to the processing of personal information
- Request for correction or deletion of personal information or destroying or deletion of record of personal information
- Duties and responsibilities of information officers
- Application to issue a code of conduct
- Request for data subject's consent for processing of personal information for the purpose of direct marketing by means of unsolicited electronic communications
- Submission of complaint or grievance
- Regulator acting as conciliator during an investigation
- Pre-investigation proceedings of Regulator
- Notifications
- Assessments
Various Annexures, which include a number of forms:
- OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION IN TERMS OF SECTION 11(3) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)
- REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION OR DESTROYING OR DELETION OF RECORD OF PERSONAL INFORMATION IN TERMS OF SECTION 24(1) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)
- APPLICATION FOR THE ISSUE OF A CODE OF CONDUCT IN TERMS OF SECTION 61(1)(b) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)
- APPLICATION FOR THE CONSENT OF A DATA SUBJECT FOR THE PROCESSING OF PERSONAL INFORMATION FOR THE PURPOSE OF DIRECT MARKETING IN TERMS OF SECTION 69(2) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)
- COMPLAINT REGARDING INTERFERENCE WITH THE PROTECTION OF PERSONAL INFORMATION/COMPLAINT REGARDING DETERMINATION OF AN ADJUDICATOR IN TERMS OF SECTION 74 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)
- NOTICE TO PARTIES: CONCILIATION REGARDING INTERFERENCE WITH THE PROTECTION OF PERSONAL INFORMATION IN TERMS OF SECTION 76 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)
- NOTICE TO PARTIES: CONCILIATION REGARDING INTERFERENCE WITH THE PROTECTION OF PERSONAL INFORMATION IN TERMS OF SECTION 76 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)
- NOTICE TO PARTIES OF INTENTION OF REGULATOR TO INVESTIGATE COMPLAINT IN TERMS OF SECTION 79 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)
- NOTICE TO PARTIES IN TERMS OF SECTION 94 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)
- REFERRAL TO ENFORCEMENT COMMITTEE IN TERMS OF SECTION 92 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013)
- ENFORCEMENT NOTICE IN TERMS OF SECTION 95 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013)
- CANCELLATION OF ENFORCEMENT NOTICE SECTION 96 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013)
- NOTICE OF APPEAL SECTION 97 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013)
- SUBSTITUTION OF ENFORCEMENT SECTION 98 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013)
- NOTICE OF DISMISSAL OF APPEAL SECTION 97 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013)
- REQUEST FOR AN ASSESSMENT SECTION 89 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013)
- NOTIFICATION SECTION 89 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013)
Actions required for implementing POPIA
One of the immediate observations from the regulations is that there are a lot of forms and documents which will need to be created, kept and maintained. This is likely to be onerous, and organisations must seek a simple way to manage this.
We will continue to provide insight to the regulations as they are developed further.