The Information Regulator held its first public briefing on 13 February 2017 regarding the Protection of Personal Information (POPI) act, or POPIA, as it is now referred to by the Information Regulator.
“Any public or private body or any other person that processes personal information, which includes collecting, receiving and/or storing any such personal information, needs to be aware of all PoPI related developments,” says Alexia Christie, a partner at Webber Wentzel’s technology, media, telecommunications and intellectual property practice.
Webber Wentzel notes these key highlights of the briefing:
• Commencement date: When asked about the long-awaited commencement date for PoPI, the Chairperson stated that PoPI could only come into full operation once her office had all its affairs in order. She cautioned that this is a complicated and time consuming process which could take up to two years, but that the Information Regulator was doing everything in its power to accelerate this process and to be fully operational by the end of this year.
• Regulations: The process of drafting regulations under PoPI is underway.
• Benchmarking: The Information Regulator will undertake a benchmarking exercise to observe data protection practices in other jurisdictions and to adopt international best practice, including having regard to the European Union’s new General Data Protection Regulation.
“PoPI compliance may require considerable time, effort and resources. Even a 12 month grace period may not be sufficient. Our advice is to take steps, now, to ensure you are PoPI-ready,” Christie recommends.