The functions of the Information Regulator include:

  • to provide education about the Protection of Personal Information Act, for example, giving advice to data subjects in the exercise of their rights;
  • to monitor and enforce compliance with POPI;
  • to consult with interested parties;
  • to handle complaints;
  • to conduct research and to report to Parliament;
  • to issue codes of conduct and make guidelines to assist bodies to develop codes of conduct;
  • to facilitate cross-border cooperation in the enforcement of privacy laws.

The Information Regulator will have the power to conduct investigations, order publicity of data breaches, and issue administrative fines of up to ZAR10 million.

Next steps

  • Regulations must be promulgated under POPI, for example, including regulations setting out the cost of making a subject access request and the prescribed standards for codes of conduct.
  • The announcement of a commencement date. Organisations will not be liable for fines or non-compliance for a period of 12 months from the commencement date.

If you haven’t started yet, now is the time for organisations to start or ramp up their POPI implementation efforts. Our virtual privacy lawyer, POPI Counsel, can assist with your privacy law questions and provide practical guidance through your implementation process. POPI Counsel produces legal opinions for you on demand, anytime and anywhere. Contact us for more information.

The chairperson, Pansy Tlakula, full-time members, Lebogang Stroom and Johannes Weapond, and part-time members, Tana Pistorius and Sizwe Snail, have been appointed to the Information Regulator with effect from 1 December 2016 and will serve for a period of five years.

See the official statement here & see our previous blog for more info.