The Protection of Personal Information Act (“POPIA”):
Protecting personal information is not only a statutory duty but also represents sound business practices.
2.1 During April 2014, sections of POPIA dealing with the aspects listed below, came into force:
2.2 The Information Regulator (“IR”) was established at the end of 2016 and is empowered to monitor and enforce compliance in line with the provisions of the Promotion of Access to Information Act, 2000 (“PAIA”) and POPIA. (Refer to the Information Regulator’s website: http://www.justice.gov.za/inforeg/index.html for more information in this regard).
2.3 The IR has published draft POPIA regulations in September 2017, for public comment by 7 November 2017. Amongst others, the draft regulations covered the following aspects:
2.4 In November 2018, the IR indicated that the anticipated publication date of the final regulations is April 2018.
The IR also indicated that it endeavours to be fully operationalised in 2018 and that the remaining sections of the Act will commence once the Regulator is fully operational.
3. Effective date
Once the Act comes into full force, business practices must be brought in line with the new requirements within 12 months (with the information Regulator having an option to extend this period for another two years). Based on international benchmarking, it takes up to three years to be compliant with the requirements of similar privacy legislation in other countries.
4. Areas of business impacted by POPIA
The biggest impact on business will generally be in the following areas:
It is also imperative that organisations ensure compliance with PAIA and it is recommended that PAIA compliance be included in the scope of POPIA readiness exercises.
5. Potential risks to business
Non-compliance poses a huge reputational risk, financial risk (administrative fines of up to R10 million) and operational risk (such as spending operational time to re-actively align business processes, documents and systems with the legal requirements).
6. What should we be doing now?
If not done already…
Written by Karus Prinsloo
EOH Legal Services
EOH Legal Services can help
EOH Legal Services have been assisting clients in industries such as retail, manufacturing, tertiary education, aviation, mining and financial services with POPIA services (including conducting readiness overviews and preparing POPIA Roadmaps, awareness training, legal opinions and consulting services).
Please refer to http://eohlegalservices.co.za/services/legal-compliance-services/ for more information about our value-adding compliance service offerings and contact Karus Prinsloo on 087 405 1827 or firstname.lastname@example.org for more information in this regard.
The BarnOwl Compliance module is fully integrated with the EOH Legal Services content
The BarnOwl compliance module enables an organisation to manage its regulatory universe by rating and monitoring compliance to the acts, regulations and provisions at every level of the organisation, where applicable. BarnOwl offers a pre-built compliance framework based on best practice compliance management processes as set out in the SA compliance institutes handbook (Generally Accepted Compliance Practice Framework (GACP)):
Compliance legislation from EOH Legal Services can be imported directly into BarnOwl. Updates to the regulations and provisions can be uploaded into BarnOwl automatically. Please see http://www.barnowl.co.za/wp-content/uploads/2017/04/BarnOwl-Compliance-Management-datasheet-Final.pdf for more information on the BarnOwl compliance module
BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by over 200 organisations in Africa, Australasia, Europe and the UK. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework. Please see www.barnowl.co.za for more information.