Reports have been circulating that the Protection of Personal Information Act, Act No 4 of 2013 ("POPIA") is to be implemented on 1 April 2020. Although POPIA became law on 19 November 2013, the parts of POPIA pertaining to the legal requirements for processing of personal information are not yet in effect.
The Information Regulator recently announced that it has written to President Cyril Ramaphosa requesting that POPIA be made effective from 1 April 2020. However, the commencement date must be promulgated by the President in the Government Gazette in order for it to be effective.
Once implemented, POPIA affords all parties processing personal information one year to ensure that they are POPIA compliant. This means that, if the President acts on the Information Regulator's request, the compliance deadline will be 1 April 2021.
Parties who process personal information are advised not to wait until the effective date to commence with their POPIA compliance, as it has been our experience that one year is often insufficient time to become fully compliant.
It is important to note that any person found to be in contravention of POPIA can be liable for a fine of up to R10 Million and/or up to 10 years' imprisonment.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
