On 1 July 2021, South Africans will be expected to adhere to the watered down version of the Protection of Personal Information Act (POPIA)
On 1 July 2021, South Africans will be expected to adhere to the watered down version of the Protection of Personal Information Act (POPIA). The Information Regulator has extended the commencement date of the POPIA provision that requires organisations to obtain prior authorisation if they process certain categories of personal information. The commencement date of that provision is now 1 February 2022.
The section that has been extended is section 58 (2) in relation to the section 57 which is Application for Prior Authorisation that now has a deadline for 1 February 2022. This means that an organisation that is required to obtain prior authorisation from the Information Regulator does not need to suspend its processing of personal information during such time that the Information Regulator is processing its application for prior authorisation.
Such organisations will not incur any penalties under POPIA for processing personal information after 1 July 2021. However, it is imperative that if an organisation does need prior authorisation, it must submit the application before the 1 February 2022.
South Africa is gradually moving towards fully protecting the data and information of its citizens online. As part of this process, in terms of Section 40 (1) of POPIA the Information Regulator is empowered to monitor and enforce compliance. The Regulators enforcement powers will come into effect on 1 July 2021.
The Regulator has embarked on a recruitment process where it has recruited compliance and monitoring officers who will conduct monitoring of compliance with POPIA and PAIA. The Regulator also has investigative powers in terms of both POPIA and PAIA, which allows it to investigate complaints from the data subjects.
The Regulator has indicated that it is appointing an Enforcement Committee which will have powers to issue notices against responsible parties in an event where there is non compliance, which may result in administrative fines of up to 10 million rands, penalties and imprisonment may be imposed. What remains to be seen is the extent to which the monitoring will be effective.