Quick Guide There was a grace period on Section 58(2) which ended on 1 Feb 2022. This grace period allowed you to continue processing while your application for prior authorisation was in progress. From now on, you will have to suspend processing while you wait for your authorisation decision under threat of penalty (see [...]
The Information Regulator has published Regulations for the POPI Act. These can be downloaded from the justice.gov.za/inforeg website.
Am I an 'operator' or 'responsible party' under POPI? It’s important to know whether you are regarded as an 'operator' or 'responsible party' under POPI. Both have certain obligations but the responsible party has a much broader responsibility. To determine if you are an operator, you can ask yourself whether you: Process the data solely in the interest [...]
Retain only as long as necessary POPI requires that 'records of personal information must not be kept any longer than is necessary for achieving the purpose for which the information was collected..." Section 14(1) Practically this may be one of the most difficult provisions to comply with as it requires a very clear picture of all purposes [...]
Likelihood of regulatory enforcement When looking at enforcement of privacy legislation in Europe it appears that there is a low level enforcement. 1 For example, the UK Information Commissioner's Office reports only 84 enforcement actions during the whole of 2014. 2 It remains to be seen how active the South African Information Regulator will be in enforcing [...]
How to register your Information Officer Quick FAQ #1: Your organisation, charity, school, club, etc does have an Information Officer under POPIA, and your IO does need to be registered. Quick FAQ #2: Your organisation, charity, school, club, etc does have to comply with both PAIA and POPIA. The Information Regulator has provided guidelines and [...]