The Regulations to the Protection of Personal Information Act have been published by the Information Regulator. They will commence on a date to be determined.
The regulations are fairly short, but contain a raft of forms relating to the processing of information, for example:
- a form for objecting to the processing of personal information;
- requests for the correction or deletion of personal information;
- an application for consent to process personal information for the purposes of direct marketing to someone who is not a customer;
- complaint, enforcement and appeal forms; and
- notices relating to conciliation.
The responsibilities of Information Officers are also set out in more detail and include the development of a compliance framework which implements the Act and monitors and assesses compliance, and the development of a manual relating to the processing of personal information. Internal awareness campaigns must also be done.
The complaint and conciliation process is set out, allowing for the regulator to act as a conciliator during the investigation of complaints.
The publication of the regulations means that the implementation of the Act and the full empowering of the regulator is imminent. Make sure that you are POPI ready.