The Protection of Personal Information Act ("POPI") which was published in the Government Gazette on 26 November 2013 has yet to have a confirmed commencement date. Many corporates are eagerly awaiting the announcement of this date because, after it is confirmed, corporates have 1 year to ensure their business becomes POPI compliant (this grace period may be extended to 3 years, but this is yet to be confirmed).

Certain limited sections of POPI have already commenced. These include:

  • The Information Regulator (Part A of Chapter 5) - see Annexure "A"
    This deals with the establishment of the Information Regulator, as well as staffing, powers, duties, functions and conflicts of the Regulator. No members have been appointed to the Regulator as of yet. This is expected to happen later in the year.
  • Regulations (Section 112)see Annexure "B"
    The Minister and the Information Regulator may now make regulations.
  • Procedure for making regulations (Section 113) - see Annexure "C"
    There are no regulations yet, but the process to make them is in place.
When will the rest commence?

This is yet to be confirmed but experts predict early to mid-2015. Companies should, however, already start implementing the changes needed to ensure POPI compliance. 

ENSafrica provides customised POPI training and comprehensive POPI policies for corporates. We also update PAIA Manuals for compliance with POPI.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.