Businesses have until 01 July to become compliant with the Protection of Personal Information Act (POPIA), but it is important to note that certain regulations will come into effect sooner.
POPIA took effect on 01 July 2020, with other provisions coming into force on 30 June 2021.
Businesses have been provided with a one-year grace period, until 01 July 2021, to become POPIA compliant or face the consequences set out in the Act.
It is important to take note of the fact that regulations may also be published in relation to POPIA from time to time. These regulations will provide additional rules and requirements which businesses may need to comply with. POPIA compliance is therefore not a once-off thing but a process that will need to be regularly reviewed to ensure compliance.
Recently, the Information Regulator announced the imminent commencement of certain regulations in terms of POPIA, relating to the protection of personal information.
Code of conduct 1 March 2021
With effect from 1 March 2021, the provisions of the regulations in relation to the application for issuing a code of conduct became effective. This allows private or public bodies that are sufficiently representative of various entities in an industry, to apply for a code of conduct to be considered for that specific industry.
Information officer 1 May 2021
With effect from 01 May 2021, the regulations in relation to the responsibilities of information officers will take effect. This is significant for businesses, since every entity that must comply with POPIA must have an information officer – the person responsible within the business for POPIA compliance, privacy and data governance. These regulations supplement the responsibilities set out in POPIA and emphasize the obligation to develop a compliant PAIA manual, as well as internal processes and procedures to advance data subject participation and internal POPIA training.
Deadline for compliance looming
With the deadline for attaining POPIA compliance approaching fast and potentially further regulations and requirements being imminent, it is vital that compliance be prioritized given the hefty consequences for a failure to be compliant.
It is difficult to exactly state what areas of compliance you would need to have in place, but it would be highly advisable to enlist the help of your attorney or POPIA specialist to help you and review what you have in place and what would still need to be done before the Act and regulations take full effect.