The President of South Africa, Cyril Ramaphosa announced a commencement date for certain sections of the Protection of Personal Information Act, 2013 (POPI) on 22 June. The Commencement date of POPI is on 1 July 2020.
For those who are not familiar with the Act, the purpose of POPI is to protect personal information, to strike a balance between the right to privacy and the need for the free flow of, and access to information and to regulate how personal information is processed. The Act gives effect to our constitutional right to privacy in terms of section 14 of the Constitution of the Republic of South Africa,1996.
In short, it provides protection for consumers’ personal data in the context of data collection and processing and it gives a consumer more control over their data. In addition, it also provides procedures for dealing with complaints in case of a breach. It applies to all local and foreign organizations processing personal information in South Africa.
SECTIONS THAT HAVE ALREADY COMMENCED
Certain sections regarding the establishment of an Information Regulator already commenced on April 2014. The Information Regulator took office on 1 December 2016.
CERTAIN SECTIONS THAT COMMENCES ON 1 JULY 2020
Sections 2 to 38; Sections 55 to 109; Section 111, and Section 114 (1), (2) and (3) will commence on 1 July 2020.
These sections are the following:
- Application provisions (Chapter 2 of the Act);
- the conditions for the lawful processing of personal information (Chapter 3 of the Act);
- the exemptions for processing of personal information (Chapter 4);
- the regulation of the processing of special personal information; (Chapter 3 of the Act);
- prior authorization (Chapter 6 of the Act);
- codes of conduct issued by the Information Regulator (Chapter 7 of the Act);
- procedures for dealing with complaints (Chapter 7, section 63 of the Act);
- provisions regulating direct marketing by means of unsolicited electronic communication (Chapter 8 of the Act); and
- general enforcement of POPI.
The transfer of the enforcement of the Promotion of Access to Information Act from the South African Human Rights Commission to the Information Regulator (section 110 and section 114(4)) will come into effect on 30 June 2021.
WHAT ARE THE FINES AND PENALTIES FOR NON-COMPLIANCE?
The contravention of certain sections of POPI attracts a fine or imprisonment for a period not exceeding ten years or both a fine and imprisonment.
The Act allows a 12-month grace period after the commencement date. That being said, it is of paramount importance that the responsible parties who process personal information to be POPI compliant, implement changes, and raise awareness of the Act within your organizations as soon as possible.
For more information on the 8 conditions that a responsible party must comply with to be POPI compliant, please read my previous post “Striking a balance between data privacy and processing of information for marketing purposes”.
Feel free to share this post, click on social icons below to share.