https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / Webber Wentzel RSS ← Back
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Embed Video

The Protection of Personal Information Act - The upcoming compliance battle

The Protection of Personal Information Act - The upcoming compliance battle

28th September 2015

SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

You may be aware that the Protection of Personal Information Act, No. 4 of 2013 (POPI) was signed into law on 19 November 2013. While certain sections of POPI came into force on 11 April 2014, there are a number of remaining provisions that are not yet in effect. It is clear that Government has started taking steps to implement POPI and it is possible that an announcement about the commencement of the outstanding sections may follow shortly. The commencement of the remaining provisions will lead to a 12 month grace period, after which all responsible parties, as defined in POPI, will need to be compliant with POPI. If responsible parties do not comply with their duties in terms of POPI, they may be subject to an administrative fine. The extent of the administrative fine is dependent on the circumstances and is determined by the Information Regulator. The fine could be up to ZAR10 million, in addition to the considerable reputational risk associated with non-compliance.

In terms of POPI:

Advertisement
  • a "responsible party" is a public or private body or any other person which determines the purpose of and means for processing personal information; and
  • an "operator" is a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party.

POPI requires all responsible parties to, amongst other things, ensure that there are adequate security measures in place for the processing of personal information, which includes the duty to enter into an adequate written contract with each of their operators in which certain duties are imposed upon the operators.

Those of you who process personal information on behalf of responsible parties may have received queries regarding your compliance with POPI, along with requests to conclude further agreements to ensure such compliance. If not, you are likely to receive such queries or requests in the near future.

Advertisement

Similarly, as the responsible party, you may be looking at contacting your operators and concluding agreements to ensure that the operators assist you in fulfilling your duties in terms of POPI. Suppliers are themselves data subjects and responsible parties owe obligations to suppliers in respect of the processing of personal information of suppliers. Agreements with suppliers should therefore not only address security safeguards, but also the obligations which responsible parties have to operators.

Both parties, the "responsible party" and the "operator", need to have strict measures in place when the 12 month grace period of POPI expires.

Issued by Webber Wentzel

EMAIL THIS ARTICLE      SAVE THIS ARTICLE

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options
Free daily email newsletter Register Now