Privacy Law

During a recent speech on 13 February 2017 the newly appointed chair of the Information Regulator, Adv Pansy Tlakula, gave a few helpful pointers. But first a little background.

POPI has been formally published in the Government Gazette on 26 November 2013. However, POPI has not yet been enacted in full and only the sections dealing with the establishment of the Information Regulator have been promulgated.

In terms of section 114 all responsible parties will have a grace period of 12 months from the date POPI is fully enacted to become compliant.

Furthermore, the Minister may extend the section 114 grace period by a further three years, making it possible that there may be a four year grace period in total. This is not a given.

At this stage all we can work with are Adv Tlakula’s remarks. She said during her speech that the office of the Information Regulator needs to be established before the act can enter into force. This entails getting premises and appointing staff, a process that inevitably takes time. Adv Tlakula said she was advised that this process could take up to two years but they are working full steam to make it happen faster. 

Based on Adv Tlakula’s remarks it is reasonable to conclude that POPI will probably not be fully enacted during 2017. We are monitoring developments. 

Adv Tlakula also indicated that draft regulations have been prepared and that the public consultation process about the POPI regulations will start before the end of 2017.

To conclude, we deal with a uncertain position. We don’t know exactly when POPI will be fully enacted and once it has been enacted there could be a grace period of at least one year or a maximum of four years.

 Despite this uncertainty, we advise responsible parties to start working on their POPI implementation programmes. The impact of POPI on your business is likely to be significant and will take time, effort and resources to implement.