News FlashesJuly 1, 2020

CRS News Flash 26 June 2020 – SOUTH AFRICA – POPI Act Commencement of remaining sections



It is important that employers note the following:

Commencement of the remaining sections of the POPI (Protection of Personal Information)  Act

The POPI Act was promulgated on 26 November 2013, with certain sections of the Act coming into effect on 11 April 2014. The purpose of the POPI Act is to protect personal information and prevent it from getting into the wrong hands, thus protecting individuals and juristic entities from any damage, including financial fraud, identity theft, misuse and the abuse of personal information

On Monday, 22 June 2020, President Cyril Ramaphosa announced that more provisions of the POPI Act will come into effect on 1 July 2020 and other sections on 30 June 2021. The commencement of the remaining sections is substantial, and all persons affected are encouraged to urgently consider and start implementing measures to comply with POPI

The sections that will commence on 1 July 2020 are:

  • Sections 2-38 dealing with exclusions and the conditions for lawful processing of personal information.
  • Sections 55-109 dealing with the responsibilities of information officers, direct marketing (unsolicited electronic communications), relevant Codes of Conduct and enforcement mechanisms (offences, penalties and administrative fines).
  • Section 111 dealing with fees.
  • Section 114(1), (2) and (3) dealing with transitional arrangements.The sections that will commence from 30 June 2021 are sections 110 and 114(4), which deal with the amendment of laws and transfer of functions from the South African Human Rights Commission to the Information Regulator regarding the Promotion of Access to Information Act.

    The Act applies to any information regarding suppliers or clients, including contact details and correspondence. Human resources and payroll data, CVs, applications for employment, CCTV records, performance reviews and internal e-mail records are also subject to POPI’s requirements.

    As an employer, it is very important to ensure that all information collected is safe. Measures must be put in place to deal with the loss, damage or unlawful access to the information

    Planning forward, an employer must think practically as to how these situations will be dealt with and ensure that the appropriate measures are taken to prevent them from happening.

    One of the sections taking effect next month states that all forms of processing of personal information must, within one year after the commencement of the section, be made to conform to the Act. This means that businesses will have to ensure compliance with the Act by 1 July 2021.

    Businesses that do not comply with the POPI Act, whether intentionally or accidentally, can face severe penalties. The Act makes provision for fines of up to R10 million and a jail sentence of up to ten years, depending on the seriousness of the breach.

    Herewith the POPI Act, 2013 and Government Gazette 43461 of 22 June 2020, announcing the commencement.


Contact our legislation team at if you require any additional information.
© 2020 C
RS Technologies (Pty)Ltd. All Rights Reserved.

2024/2025 Tax Guide

Download your copy of the CRS 2024/2025 Tax Guide

    This will close in 0 seconds

    We use cookies to ensure that we give you the best experience on our website.