In our blog post on 7 November 2016 we referred you to the appointment of the members of the Information Regulator – which is an independent juristic person in terms of the Protection of Personal Information Act – commonly referred to as “POPI”. The Information Regulator will be responsible for monitoring and enforcing compliance with both POPI and the Promotion of Access to Information Act 2000 (PAIA).
The 5 members of the Information Regulator (Chairperson, 2 full-time and 2 part-time) have been appointed for a 5 year period that commenced the beginning of the month and according to a media statement issued by Adv. Tlakula (the Chairperson) on 2 December 2016, the Information Regulator held a meeting on 1 December 2016 to commence their function and duties. It has been confirmed that the full time member responsible for PAIA is Adv. Stroom-Nzama and the full time member responsible for POPI is Adv. Weapond.
The POPI commencement date has not been confirmed yet, but the general view in the industry is that 24 May 2017 is the likely day – as this will mean that compliance with POPI will be required as from the 25th of May 2018, which is also the date for compliance with the European Union’s General Data Protection Regulation.
In practice we are starting to see more clients focussing on POPI requirements and starting to create POPI awareness through training sessions and implementation of amended policies and practices. It would probably be unrealistic to think that POPI will mean a “quick fix” for all data concerns, but POPI will certainly play a big role to regulate the way in which companies manage data in future.