The Protection of Personal Information Act
("POPI") which was published in the Government
Gazette on 26 November 2013 has yet to have a confirmed
commencement date. Many corporates are eagerly awaiting the
announcement of this date because, after it is confirmed,
corporates have 1 year to ensure their business becomes POPI
compliant (this grace period may be extended to 3 years, but this
is yet to be confirmed).
Certain limited sections of POPI have already commenced. These include:
- The Information Regulator (Part A of Chapter
5) - see Annexure "A"
This deals with the establishment of the Information Regulator, as well as staffing, powers, duties, functions and conflicts of the Regulator. No members have been appointed to the Regulator as of yet. This is expected to happen later in the year.
- Regulations (Section 112) – see
The Minister and the Information Regulator may now make regulations.
- Procedure for making regulations (Section 113)
- see Annexure "C"
There are no regulations yet, but the process to make them is in place.
This is yet to be confirmed but experts predict early to
mid-2015. Companies should, however, already start implementing the
changes needed to ensure POPI compliance.
ENSafrica provides customised POPI training and comprehensive POPI policies for corporates. We also update PAIA Manuals for compliance with POPI.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.