At long last? Information Regulator asks President Ramaphosa to bring POPIA into effect

The South African Information Regulator has written to President Cyril Ramaphosa, requesting him to declare the commencement of the remaining provisions of POPIA by proclamation in the Government Gazette.

3 Feb 2020 2 min read Technology, Media & Telecommunications Alert Article

According to the Information Regulator, the President has been requested to proclaim the commencement of the remaining sections of the Protection of Personal Information Act 4 of 2013 (POPIA) to be effective as from 1 April 2020 – which is the beginning of the Information Regulator’s financial year. This development comes after a very lengthy process to bring this law into being – a process which began in the year 2000 when the South African Law Reform Commission approved an investigation entitled “Privacy and Data protection” – an investigation which ultimately resulted in POPIA being signed into law in 2013.

Although the President assented to POPIA in 2013, the majority of the sections of the Act, which sections notably include the operative provisions which impose obligations on responsible parties, are not yet in force. Until such time, the personal information of data subjects remains vulnerable to exploitation without sufficient legal recourse being in place in South Africa, as the following sections of POPIA are the only sections which are currently in effect:

  • the definitions section (section 1);
  • the sections pertaining to the establishment, powers, duties and functions of the Information Regulator (sections 39 – 54); and
  • the sections pertaining to the procedure for making regulations (sections 112 and 113).

It is important to point out that even if the President complies with the Information Regulator’s request and declares the commencement of the remaining provisions of POPIA by proclamation in the Government Gazette, section 114 of POPIA makes provision for a one-year transition period (which will follow the commencement of section 114 and which may be extended by the Minister in respect of certain classes of information and bodies) in terms of which responsible parties will not be held liable for contraventions of the Act.

Therefore, should the President accede to the Information Regulator’s request, businesses have until the end of March 2021 to become compliant with the provisions of POPIA or may face being held liable for contraventions of the Act.

The information and material published on this website is provided for general purposes only and does not constitute legal advice. We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter. We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages. Please refer to our full terms and conditions. Copyright © 2024 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com.