Commencement of the Protection of Personal Information Act
The President announced and published a proclamation, on 22 June 2020, that the majority of the provisions of the Protection of Personal Information Act 4 of 2013 (POPIA) will commence on 1 July 2020.
POPIA is the new South African data protection legislation. The proclamation means that all the substantive requirements in POPIA in relation to data protection will be applicable from 1 July. These include, amongst other things, the conditions for the lawful processing of personal information and requirements for:
the treatment of sensitive personal data and children’s information;
the prior authorisation of certain processing activities;
the cross-border transfer of personal data;
the security of personal information;
the duties and responsibilities of Information Officers;
direct marketing by means of unsolicited electronic communication; and
reporting and notification of data breaches.
POPIA provides for a transitional period of 1 year. This means that both private businesses and organisations and public bodies that process personal information must, at this stage, ensure that they comply with POPIA by 1 July 2021.