After much anticipation, an important milestone in the road to commencement of the Protection of Personal Information Act, 2013 (POPI), has been reached. From 11 April 2014, the following sections of POPI are operational:
- Section 1, which contains the definitions and sets out the purpose of POPI;
- Part A of Chapter 5 (sections 39 to 54), which provides for the establishment of the Information Regulator, which is the body tasked with monitoring compliance with, and enforcement of, the provisions of POPI; and
- Sections 112 and 113 which provide for the making of regulations.
In a nutshell, the commencement of the above sections create the framework within which POPI will operate. The establishment of the Information Regulator, and the issuing of regulations, will help businesses flesh out their POPI compliance requirements. For the moment though, the effective sections do not impose any immediate compliance requirements on businesses.
Once the regulator is appointed and the regulations are in place, the remaining sections will be enacted. After that we will all have 12 months to comply.