Data Protection & Privacy
On 22 June 2020, South African President, Mr Cyril Ramaphosa announced the commencement of the remaining provisions of the Protection of Personal Information Act 4 of 2013 ("POPI").
POPI was promulgated as early as 19 November 2013 but was only partially enacted on 11 April 2014 – i.e. only certain provisions relating to, the definitions, the establishment of the Information Regulator and the making of regulations under POPI were brought into force on 11 April 2014.
Today, the President has announced that the remaining sections of POPI which deal with the obligations by a responsible party (as defined) in relation to the processing and storage of "personal information" (as defined) will commence on 1 July 2020. The mandatory data breach notification provisions will also become effective from 1 July 2020
Only sections 110 and 114(4) (dealing with amendment of laws and changes required to the Promotion of Access to Information Act), will commence with effect from 30 June 2021.
In terms of section 114(1) of POPI, persons affected by POPI are afforded a transitional period of one year to conform to the requirements of POPI. Accordingly, all affected persons will have to ensure compliance with POPI by no later than 1 July 2021.
The commencement of the remaining sections of POPI is extensive and all persons affected are encouraged to urgently consider and start implementing measures to comply with POPI. A copy of the Government Gazette can be accessed here.
In the event that you require further information regarding POPI, Data Protection, Cyber Risk & Insurance and the impact of these latest developments on your business, please contact Ernie van der Vyver, Lee Astfalck, Reshana Pillay, Christopher MacRoberts or Nicole Britton.
Authors: Ernie van der Vyver, Nicole Britton and Noluthando Madide.