The Protection of Personal Information Act (POPIA) was signed into law in 2013. Ever since, business has been advised that POPIA’s coming into full operation was imminent, but we are still awaiting this to happen. Recently the Information Regulator asked the President to proclaim the POPIA commencement date as 1 April 2020 (which means the effective compliance deadline will be 1 April 2021).
Having to deal with the COVID-19 scare, the financial impact of Eskom and SAA’s problems, commentators are not convinced however that 1 April will be the date for coming into operation. This should not translate into procrastination. The POPIA is (just) good business practice in operation, requiring proper data management processes: It is good business sense to know what data you have, why you have it and what you do with it.
Whether it comes into effect 1 April or later this year, do what is reasonably practicable in your business to start aligning your practices with the requirements of the POPIA, appoint an Information Officer, train your staff, put policies in place, because ultimately it is coming.
