Deepening Democracy through Access to Information
Home / Press Office / Webber Wentzel RSS ← Back

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by


Article Enquiry

Information Regulator extends commencement date for POPIA prior authorisation


Embed Video

Information Regulator extends commencement date for POPIA prior authorisation

Information Regulator extends commencement date for POPIA prior authorisation

18th June 2021


Font size: -+

The Information Regulator has extended the commencement date of the POPIA provision that requires organisations to obtain prior authorisation if they process certain categories of personal information.  The commencement date of that provision is now 1 February 2022.

This means that an organisation that is required to obtain prior authorisation from the Information Regulator does not need to suspend its processing of personal information during such time that the Information Regulator is processing its application for prior authorisation.  Such organisations will not incur any penalties under POPIA for processing personal information after 1 July 2021.  However, it is imperative that if your organisation does need prior authorisation, you must:

  • submit your application for prior authorisation to the Information Regulator before 1 February 2022
  • comply with the remainder of POPIA – failure to do so will attract penalties

​Organisations who perform the following activities are required to obtain prior authorisation from the Information Regulator:​​

  • Processing unique identifiers (for example, bank account details, identity numbers or telephone numbers) of data subjects for a purpose other than the purpose for which the identifier was specifically intended at collection, with the aim of linking the information with information processed by other responsible parties.
  • Processing criminal behaviour or illegal, objectionable conduct on behalf of third parties.  An example of this includes service providers who are contracted to perform criminal record checks for employers prior to offering employment to a prospective candidate.
  • Processing information for credit reporting (for example credit bureaus).
  • Transferring special personal information or personal information of children to a third party in a foreign country that does not have adequate data protection laws.
    • Tip: if you use cloud service providers to store your organisation's data, find out which country their servers are based in – you may unintentionally contravene the requirement to obtain prior authorisation if their servers are based in a country without sufficient data protection laws.

For more information about the requirement to obtain prior authorisation, please click here.


Written by Peter Grealy & Dario Milo from Webber Wentzel



To subscribe email or click here
To advertise email or click here

Comment Guidelines

About is a product of Creamer Media.

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more


We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store


Advertising on is an effective way to build and consolidate a company's profile among clients and prospective clients. Email

View options
Free daily email newsletter Register Now