ITNewsAfrica logo

linkedin   twitter icon   facebook   youtube


D-Day for POPI Act compliance looming

Written by Ezra Pillay, Compliance Specialist, LexisNexis South Africa


[Durban, 25 August 2020] After a seven year wait President Ramaphosa announced 01 July 2020 as D-Day for the commencement of the POPI Act. Businesses will have a grace period of 12 months in which to ensure they are compliant with the various parameters of the Act. A forerunner of a new generation of legislation for South Africa, the Protection of Personal Information Act No. of 2013 was originally anticipated for April this year.

The South African Constitution provides that everyone has the right to privacy, which the POPI Act gives effect to, safeguarding personal information while balancing the right to privacy against other rights such as the right of access to information and the free flow of information. Entities that process personal information will need to do so in a lawful manner, ensuring the safety of the information they have access to, protecting individuals from data breaches and information theft.

While the POPI Act has been a long time in the making there was previously no information regulator in existence and infrastructure has had to be established from the ground up, with South Africa playing catch up to the rest of the world in terms of privacy laws. The Act was originally tabled 12 years ago, in 2009 and signed into law in 2013, yet very few of the provisions in the Act have been operational to date.

The Act has been implemented incrementally since April 2014, with the remaining provisions requiring readiness on the part of the Information Regulator, the members of which took office on 01 December 2016, to assume its powers, functions and duties in terms of the Act.

The provisions to commence 01 July 2020 include Section 2 to 38; sections 55 to 109; section 111; and section 114 (1), (2) and (3) include, amongst others, the conditions for the lawful processing of personal information, provisions regulating direct marketing by means of unsolicited electronic communication, and general enforcement of the Act and stipulating that within one year of the commencement of the Act, all entities will be required to comply.

Two sections, Section 110 and 114 (4) will commence on 30 June 2021, following the effective transfer of functions of the Promotion of Access to Information Act, 2000 from the South African Human Rights Commission to the Information Regulator.

Although the Act allows for a 12-month period for complete compliance, it stands to reason that both the private and public sector should attempt to comply as soon as possible to protect the rights of individuals. The appointment of a dedicated POPI Act compliance officer or team, dependent on the function and size of the organisation, upskilling of this function and provision of access to tools that deconstruct the specifics of the Act should be prioritised. These tools need to provide detailed and understandable commentary, practical checklists to follow for the implementation of the regulations in plain, understandable language to ensure compliance is achieved, and penalties avoided.

Click here to download a Free POPI Act Readiness/Compliance Checklist.

About Ezra Pillay
Ezra Pillay, Compliance Specialist: Data Protection and Technology at legal technology provider, LexisNexis South Africa has an LLB from the University of KwaZulu-Natal and is an Admitted Attorney of the High Court of South Africa. He has also qualified in Compliance Management from University of Johannesburg and in Business Systems Analysis at the University of Cape Town.

About LexisNexis® Legal & Professional
LexisNexis Legal & Professional is a leading global provider of legal, regulatory and business information and analytics that help customers increase productivity, improve decision-making and outcomes, and advance the rule of law around the world. As a digital pioneer, the company was the first to bring legal and business information online with its Lexis® and Nexis® services. LexisNexis Legal & Professional, which serves customers in more than 150 countries with 10,600 employees worldwide, is part of RELX, a global provider of information-based analytics and decision tools for professional and business customers. In South Africa LexisNexis® has been assisting companies and professionals to remain abreast of changing legislation and shifts in the regulatory environment for over 80 years, combining the best of local knowledge in Butterworths with leading-edge tools and online solutions that have positioned the company as a pioneer of legal technology. LexisNexis South Africa’s business units include LexisNexis Legal Information and Compliance, LexisNexis Data Services, LexisNexis Business Software Solutions and LexisNexis Academic. South African investment firm, Tsiya Group acquired a minority interest in LexisNexis South Africa in July 2012.

Issued by:
Kim Blom
Logico Creative Solutions
Tel. +27 (0)31 207 2887

On behalf of:
Neliswa Mncube
GM: Corporate Communications & Brand
LexisNexis South Africa
Tel. +27 (0)31 268 3284




ITNewsAfrica logo

Download Button