The Protection of Personal Information Act has been a long time coming. And since its promulgation in 2013, various organisations have embarked on projects to bring their operations – and the way in which they handle personal information, in line with POPI’s requirements and conditions.
Once this seemingly daunting task has been started, we have seen that many organisations realise that POPI is not that “unfair” to responsible parties (organisations or persons who collect, process (read “use”) and store personal information) after all – it actually comes down to good business practices that can have a very positive overall effect on the controls and processes of the company.
Tackling a compliance project like a POPI compliance project can however take a significant amount of time, require dedicated resources and will also require the necessary guidance to fully understand the POPI impact on the organisations – especially with regards to obligations that can pose large risks if neglected. In newsletters to follow, we will unpack these in more detail. So watch this space for the first information sheet of our “POPI series” next month.
There have been some rumours in different industries that POPI’s effective date is imminent, which have caused an anxious state for many organisations that suddenly realised that their current non-compliance needs to be addressed. Although we believe that it is unlikely that the commencement date will be published in the near future (please note that we have been wrong before, and this is merely our view, based on all the steps that we believe should probably take place first – to ensure effective enforcement), we seriously advise organisations who have not started their projects to commence without any further delays. Companies who started their projects but somehow lost a bit of steam (granted, it is rather difficult to keep the momentum going without a fixed date) should pick up on it again and finish the good work that it started!
Remember that there is NO quick fix for POPI compliance. Any project will also require training to really be successful. Depending on the size of your organisation, it may take years to complete a successful project.
Currently the only POPI sections already in force, are those relating to the administrative side and that allow for the Information Regulator to be set up. The Information Regulator will comprise of 4 members and 1 chairperson. After the Information Regulator has been appointed, it will first need to create its administration and staff, in order to give effect to and enforce POPI rights.
Lastly, the Regulations will also need to be created.
To conclude – there is no real indication as to when the commencement date will be published. Organisations will have a one year period from the commencement date to become compliant. If you have not started your project, we suggest that you start without any further delay.