JUNE 2020 – SOUTH AFRICA
POPI ACT COMMENCEMENT
It is important that employers note the following:
Commencement of the remaining sections of the POPI (Protection of Personal Information) Act
The POPI Act was promulgated on 26 November 2013, with certain sections of the Act coming into effect on 11 April 2014. The purpose of the POPI Act is to protect personal information and prevent it from getting into the wrong hands, thus protecting individuals and juristic entities from any damage, including financial fraud, identity theft, misuse and the abuse of personal information
On Monday, 22 June 2020, President Cyril Ramaphosa announced that more provisions of the POPI Act will come into effect on 1 July 2020 and other sections on 30 June 2021. The commencement of the remaining sections is substantial, and all persons affected are encouraged to urgently consider and start implementing measures to comply with POPI
The sections that will commence on 1 July 2020 are:
- Sections 2-38 dealing with exclusions and the conditions for lawful processing of personal information.
- Sections 55-109 dealing with the responsibilities of information officers, direct marketing (unsolicited electronic communications), relevant Codes of Conduct and enforcement mechanisms (offences, penalties and administrative fines).
- Section 111 dealing with fees.
- Section 114(1), (2) and (3) dealing with transitional arrangements.The sections that will commence from 30 June 2021 are sections 110 and 114(4), which deal with the amendment of laws and transfer of functions from the South African Human Rights Commission to the Information Regulator regarding the Promotion of Access to Information Act.
The Act applies to any information regarding suppliers or clients, including contact details and correspondence. Human resources and payroll data, CVs, applications for employment, CCTV records, performance reviews and internal e-mail records are also subject to POPI’s requirements.
As an employer, it is very important to ensure that all information collected is safe. Measures must be put in place to deal with the loss, damage or unlawful access to the information
Planning forward, an employer must think practically as to how these situations will be dealt with and ensure that the appropriate measures are taken to prevent them from happening.
One of the sections taking effect next month states that all forms of processing of personal information must, within one year after the commencement of the section, be made to conform to the Act. This means that businesses will have to ensure compliance with the Act by 1 July 2021.
Businesses that do not comply with the POPI Act, whether intentionally or accidentally, can face severe penalties. The Act makes provision for fines of up to R10 million and a jail sentence of up to ten years, depending on the seriousness of the breach.
Contact our legislation team at firstname.lastname@example.org if you require any additional information.
© 2020 CRS Technologies (Pty)Ltd. All Rights Reserved.