Sections 2 – 38, 55 – 109, 111, 114 (1), 114 (2), 114 (3) commenced on 1 July 2020.
Sections 110 and 114 (4) shall commence on 30 June 2021.
The Protection of Personal Information Act will have significant implications, both for the citizens of this country whose information is processed by any number of companies and public bodies, and for the companies and public bodies that process this Personal Information.
PURPOSE OF THE LAW
POPIA aims to regulate the collection and processing of Personal Information by both private and public bodies, including the State. POPIA seeks to protect Personal Information owned by individuals and legal entities (Data Subjects) in South Africa, and to prevent its abuse and misuse, where that information is collected, processed and used by others, especially by private and public bodies. POPIA, however, must not be seen as a law which frustrates the operations of one's business; to this end POPIA seeks to create a careful balance between a person's constitutional right to privacy and the needs and interests of commerce, government and business in the private and public sector.
RISKS AND CONSEQUENCES OF NON-COMPLIANCE
Any person who is affected by non-compliance with any of the provisions of POPIA is known as the complainant. The complainant may submit a complaint to the Regulator in writing detailing the acts of non-compliance pertaining to the information processing principles. If the Regulator finds the complaint to be valid, an investigation will be conducted.
IMPLEMENTATION HEADACHES
Implementing POPIA is not an easy task. Whilst Responsible Parties will have 12 months from 1 July 2020 to comply with the Act, putting procedures and controls in place in order to comply with POPIA will take substantial effort and time. The Legal Team has prepared an Implementation Framework/Roadmap which sets out the various tasks which need to be planned and actioned in order to ensure the lawful processing of Personal Information (PI), including:
- Conducting a PI impact assessment;
- Analysing all PI Procedures and placing this into a PI data map;
- Preparing and implementing Policies, Section 18 procedures and other POPIA documents, such as Operator Agreements, Data Transfer Agreements and Binding Corporate Rules;
- Implementing safeguards in respect of the use, sharing and storage of PI, including the archiving thereof.
Please contact The Legal Team should you require any assistance with:
- Training and Workshops on POPIA;
- The Development of POPIA documentation;
- Conducting a POPIA Gap Audit, including Data Security and IT Audits;
- Assisting with Implementation of the Law within your Organization.