Home » Blog » Law » POPI Update: Commencement date announced – What you need to know!

POPI Update: Commencement date announced – What you need to know!

POPI data protection rights
Photo by http://www.cerillion.com/Products/SaaS/Cerillion-Skyline

The President of South Africa, Cyril Ramaphosa announced a commencement date for certain sections of the Protection of Personal Information Act, 2013 (POPI) on 22 June. The Commencement date of POPI is on 1 July 2020.

For those who are not familiar with the Act, the purpose of POPI is to protect personal information, to strike a balance between the right to privacy and the need for the free flow of, and access to information and to regulate how personal information is processed. The Act gives effect to our constitutional right to privacy in terms of section 14 of the Constitution of the Republic of South Africa,1996.

In short, it provides protection for consumers’ personal data in the context of data collection and processing and it gives a consumer more control over their data. In addition, it also provides procedures for dealing with complaints in case of a breach. It applies to all local and foreign organizations processing personal information in South Africa.


Certain sections regarding the establishment of an Information Regulator already commenced on April 2014. The Information Regulator took office on 1 December 2016.


Sections 2 to 38; Sections 55 to 109; Section 111, and Section 114 (1), (2) and (3) will commence on 1 July 2020.

These sections are the following:

  • Application provisions (Chapter 2 of the Act);
  • the conditions for the lawful processing of personal information (Chapter 3 of the Act);
  • the exemptions for processing of personal information (Chapter 4);
  • the regulation of the processing of special personal information; (Chapter 3 of the Act);
  • prior authorization (Chapter 6 of the Act);
  • codes of conduct issued by the Information Regulator (Chapter 7 of the Act);
  • procedures for dealing with complaints (Chapter 7, section 63 of the Act);
  • provisions regulating direct marketing by means of unsolicited electronic communication (Chapter 8 of the Act); and
  • general enforcement of POPI.

The transfer of the enforcement of the Promotion of Access to Information Act from the South African Human Rights Commission to the Information Regulator (section 110 and section 114(4)) will come into effect on 30 June 2021.



The contravention of certain sections of POPI attracts a fine or imprisonment for a period not exceeding ten years or both a fine and imprisonment.

The Act allows a 12-month grace period after the commencement date. That being said, it is of paramount importance that the responsible parties who process personal information to be POPI compliant, implement changes, and raise awareness of the Act within your organizations as soon as possible.

For more information on the 8 conditions that a responsible party must comply with to be POPI compliant, please read my previous post “Striking a balance between data privacy and processing of information for marketing purposes”.

Feel free to share this post, click on social icons below to share.


Share post:

3 thoughts on “POPI Update: Commencement date announced – What you need to know!”

  1. Kaylen Kensley

    Good hopefully Banks can stop selling our information to the highest bidder now…

  2. Pingback: 8 Conditions of the POPI Act - POPI Compliance - Cyber Bene

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: