The legislation that aims to promote the protection of personal information processed by public and private bodies and seeks to balance the right to privacy against other rights, such as access to information, will take effect from 1 July 2020. “The Protection of Personal Information Act, 2013 (Act 4 of 2013) gives effect to section 14 of the Constitution which provides that everyone has the right to privacy,” the presidency said in a statement on Monday, 22 June 2020. Since April 2014, the Act has been implemented incrementally.
It has now been announced that sections 2 to 38; sections 55 to 109; section 111; and section 114 (1), (2) and (3) shall commence on 1 July 2020. Sections 110 and 114(4) shall commence on 30 June 2021.
The sections which will commence on 1 July 2020 are essential parts of the Act and comprise sections which relate to:
● | The conditions for the lawful processing of personal information; |
● | The regulation of the processing of special personal information; |
● | Codes of Conduct issued by the Information Regulator; |
● | Procedures for dealing with complaints; |
● | Provisions regulating direct marketing by means of unsolicited electronic communication, and general enforcement of the Act. |
The sections that will commence on 30 June 2021 are:
Sections 110 and 114(4), which deal with the amendment of laws and the transfer of functions from the South African Human Rights Commission to the Information Regulator regarding the Promotion of Access to Information Act (PAIA).
Francis Cronje, an information governance specialist and contributor to the POPI Act, commented as follows in an ITWeb article:
“In essence, from the 1st of July 2020, organisations will have 12 months, or one year, to comply with the conditions for the lawful processing of personal information. No more delays, no more excuses, no more hiding. Organisations, public and private, big and small, and anyone processing personal information, will have to align their processing activities to the Act. Whether such processing involves personal information of your employees, prospective employees, part-time workers, contractors, clients, members, consumers, customers or third-parties or anybody else whose personal information you collect, use, share, retain, store, archive, delete or destroy – you, as a processing entity, will have to ensure that you, or anybody that processes personal information on your behalf, complies with the Act.”
Click here to download the presidency’s media release.