“My business processes a large amount of personal information of clients. We have been anticipating the commencement of POPIA, but remain unsure as to when it will become operational. Can you give any feedback on the current status of POPIA?”
The commencement of the Protection of Personal Information Act No. 4 of 2013 (“POPIA”) has many business owners scratching their head about when and how they must ensure compliance. Yet despite this anticipation, delays in the full commencement of POPIA have raised questions about whether this legislation will ever fully come into effect.
That said, it appears as if the wait and uncertainty may soon be over as the Chairperson of the Information Regulator, Advocate Pansy Tlakula, recently requested President Cyril Ramaphosa to declare that the remaining provisions of POPIA should commence on 1 April 2020. If the President acts on the Information Regulator’s request, then the remaining provisions will take effect on 31 March 2021.
To explain these commencement dates, it is important to note that responsible parties in terms of POPIA who process personal information (as defined in POPIA), will be granted a 1-year grace period during which you must obtain compliance and get your affairs in order. If the remaining provisions of the Act commence on 01 April 2020 as expected, Responsible Parties will have to comply with the Act by 31 March 2021 in order to avoid the possibility of being held liable for their non-compliance.
Despite this grace period, it must be noted that complacency cannot be afforded as once POPIA commences, the processes that need to be put in place can be extensive and time-consuming to be operational by the time the grace period is over.
Be prudent and make sure that your business is fully prepared for POPIA. If you are unsure about whether you are or will be ready, consult a data protection specialist to help you formulate an implementation plan. The key is not to delay, as 2020 might be the year of POPIA.