Contact

Contact Us

Gateway

Employee Gateway

Training

Book Training

Menu

Search

POPI Act Update – Other sections of POPI Act proclaimed

June 26, 2020

POPI Act Update – Other sections of POPI Act proclaimed

POPI Act Update – Other sections of POPI Act proclaimed

South Africa’s Protection of Personal Information Act 4 of 2013 (POPI Act) is implemented in various phases and the provisions dealing with the appointment and powers of the Information Regulator were already implemented two years ago. 

The remaining provisions were supposed to take effect in 1 April 2020 but full implementation has been delayed due to the coronavirus outbreak in the country. 

 

 

Although it has been consistently said that the POPI Act will not become effective until the Regulator is fully operational, the President proclaimed 1 July 2020 as the commencement date of the remaining sections of the Act that have not yet been implemented. 

Businesses in South Africa need to comply fully with the POPI Act as the Information Regulator will start enforcing compliance one year after the commencement date. In a previous blog article, ‘Update- Effective date for the POPI Act’ we discussed the sections of the Act that are already being implemented. The purpose of this blog is to highlight the sections of the Act that will take effect on 1 July 2020.

Which sections of the POPI Act will become effective as of 1 July 2020?

The following are essential parts of the Act that will come into effect on 1 July 2020:

  • Sections 2 to 38
    • The Purpose of the Act;
    • Application and Interpretation of the Act;
    • Lawful processing of personal information;
    • Rights of data subjects;
    • Exclusions;
    • The conditions for the lawful processing of personal information;
    • Exemptions from conditions for processing of personal information.
  • Sections 55 to 109, 111 and 114(1)(2)(3)
    • Duties and responsibilities of the Information Officer;
    • Prior authorisation;
    • Codes of conduct;
    • Rights of data subjects regarding direct marketing;
    • Transborder information flows;
    • Enforcement;
    • Offences, penalties and administrative fines;
    • Fees;
    • Transitional arrangements.

The implementation of the above sections of the Act means that the full spectrum of compliance and enforcement provisions is now in operation and all businesses and persons being in possession of another person or entities’ personal information, must become compliant.

What is the aim of the POPI Act?

  • The POPI Act will ensure that all businesses are held accountable for the collection, processing, storage and sharing of personal information.
  • Entities that process personal information must therefore ensure that they do so in a lawful manner. New company policies will be required for information processing, storage and deletion to ensure that such information is safeguarded and the risk of data breaches and theft of personal information is minimised. Section 19 of the Act places an obligation on businesses to take “appropriate, reasonable, technical and organisational measures” to prevent the loss and unlawful processing of personal information.
  • The Act aims to promote the protection of personal information processed by public and private bodies and seeks to balance the right to privacy with other rights, such as access to information. 

Conclusion

Full implementation of POPI is an onerous process and involves onsite audits, assessments, amendment of agreements with certain suppliers and training of staff. Businesses should therefore start adhering to the compliance requirements as soon as possible to ensure proper implementation. A previously published article, ‘Gearing up to meet POPI regulations’ will help with the first few steps that are crucial for organisations to start complying, raise awareness and begin planning.

SERR Synergy assists businesses in compiling Data and Information Protection Reports. Our professional legal team ensures that physical information and cybersecurity risks of organisations are identified and managed to maintain the confidentiality, integrity and availability of data. We provide organisations with various policies to ensure compliance in such a way that it adds business value to our clients and allows for improvement in efficiencies and effectiveness.

About the Author: Retha van Zyl completed her BCom Hons (Economics and Risk Management) studies at the North West University. She joined our team in January 2016 and currently holds the title ‘Information Compliance Advisor’. She specialises in POPI and PAIA compliance, which includes compiling and submitting PAIA Manuals to the Human Rights Commission. She also compiles the Data and Information Protection Report to identify risks associated with information security and drafts Information Security policies for procedural compliance in each department within an organisation.

Sources:

https://businesstech.co.za/news/technology/409567/this-is-when-south-africas-new-personal-information-laws-will-come-into-effect-what-you-need-to-know/

https://www.michalsons.com/blog/popi-commencement-date-popi-effective-date/13109

https://mybroadband.co.za/news/government/345917-south-africas-popi-act-what-you-need-to-know.html

https://www.gov.za/sites/default/files/gcis_document/201409/3706726-11act4of2013protectionofpersonalinforcorrect.pdf

https://www.news24.com/news24/southafrica/news/popi-act-further-sections-of-protection-of-personal-information-act-proclaimed-20200622

Print PDF

Latest Blogs

 
What can employers expect of an Employment Equity audit by the Department of Labour?
November 29, 2023
Outlining what Designated Employers can anticipate when undergoing an Employment Equity Audit by the Department of Labour.
Read More ›
 
Practical guide to claim points for Responsible Social Marketing and Communications under the MAC Sector Codes
November 23, 2023
Highlighting the B-BBEE compliance requirements for the Marketing, Advertising and Communication Sector Codes (MAC Sector Codes).
Read More ›
 
Understanding the Duties of a Designated Employer
November 14, 2023
Reviewing the duties of a Designated Employer in line with the Employment Equity Act.
Read More ›

You May Also Like

 
POPI Act and Direct Marketing - Opting in and Opting out
April 01, 2022
The Protection of Personal Information Act 4 of 2013 (POPIA) defines direct marketing as approaching a data subject (which could be either an organisation or an individual) in person, per electronic communication or by mail, for the purpose of promoting or advertising goods or services to the data subject or asking them to donate.
Read More ›
 
Practical steps to comply with the POPI Act
October 29, 2020
South Africa’s Personal Information Act 4 of 2013 (POPI Act) commenced on 1 July 2020, giving businesses 1 year to comply.
Read More ›
 
The importance of obtaining consent in terms of the POPI Act
July 24, 2019
Compliance with the Protection of Personal Information (POPI) Act will become increasingly important for all organisations. As the Information Regulator develops the POPI regulations further, the requirements will become clearer.
Read More ›
COVID-19
Online Resource & News Portal
SAcoronavirus.co.za