Years in the making, the Protection of Personal Information Act is inching towards completion. With talk of it being ready for rolling out, potentially as soon as 2017, companies need to ensure that they’re shifting towards compliance or risk coming under fire.
Parliament has recently voted to appoint an Information Regulator for the Protection of Personal Information Act (POPI) and the Promotion of Access to Information Act (PAIA). The National Assembly also voted in favour of the nomination of the five candidates earmarked to run the regulator.
Although their appointment must still be approved by the President, the date that POPI’s remaining provisions will come into effect is likely imminent. So the provisions not yet signed into law will be finalised. As soon as that happens, companies will have one year within which to ensure that their business practices are compliant (with the potential for a maximum extension of three years.
Businesses that gather customer data or interaction history, i.e., personal information such as anything that can be used to identify an individual -identity number, company registration number, physical address, email address etc. will then have to abide by any restrictions regarding how this information can be processed according to POPI legislation.