24 March 2020 marked 100 days to the deadline to ensure compliance with the Protection of Personal Information Act, 2013 (POPIA).

The Information Regulator (IR) has prioritised certain processes that may be applicable to your organisation (which can be completed before 1 July 2021):

  • Registration of information offices – registration commences

On 18 March 2021, the Information Regulator announced on Twitter that:

  • the registration of information officers will commence on 1 May 2021;
  • the Draft Guidelines will be finalised once all public comments are taken into consideration; and
  • registration will be an on-going process to enable new entities to register and for existing one to update

Given many entities’ proactive compliance with the provisions of the Protection of Personal Information Act despite it not being enforceable, companies should be considering the impact of POPI (or data privacy laws with wide reach) when they carry out due diligence investigations. Depending on the nature of the transaction, the due diligence process can involve

A common response by businesses to the spread of COVID-19 has been to implement measures that require social distancing and remote working. To ensure business continuity, some of these measures rely on the availability of technology like VPN access, as well as the use of online platforms to hold team meetings, client calls, vendor engagement,

In a January 2020 interview, the Chairperson of the Information Regulator, Pansy Tlaluka, indicated that her office has requested President Ramaphosa to sign the remaining provisions of POPI into full force by 1 April 2020. These provisions will establish the minimum requirements for lawful processing of personal information with which all private and public persons

Privacy and data protection concerns have been triggered by Public Protector Busisiwe Mkhwebane’s reliance on President Cyril Ramaphosa’s private emails and bank statements of various entities used by his CR17 presidential campaign team. These records were used by Mkhwebane to support her report, which found that Ramaphosa had misled Parliament by failing to declare the

At the end of June 2019 the Information Regulator announced that the process of putting the Protection of Personal Information Act into effect is “going very slowly” and that:

  • A CEO started on 1 June 2019;
  • A CFO started on 1 July 2019;
  • Other executives are being appointed;
  • They are now at a point where