https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Press Office / Webber Wentzel RSS ← Back
Service
Service
service
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

Information Regulator extends commencement date for POPIA prior authorisation

Close

Embed Video

Information Regulator extends commencement date for POPIA prior authorisation

Information Regulator extends commencement date for POPIA prior authorisation

18th June 2021

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

The Information Regulator has extended the commencement date of the POPIA provision that requires organisations to obtain prior authorisation if they process certain categories of personal information.  The commencement date of that provision is now 1 February 2022.

This means that an organisation that is required to obtain prior authorisation from the Information Regulator does not need to suspend its processing of personal information during such time that the Information Regulator is processing its application for prior authorisation.  Such organisations will not incur any penalties under POPIA for processing personal information after 1 July 2021.  However, it is imperative that if your organisation does need prior authorisation, you must:

Advertisement
  • submit your application for prior authorisation to the Information Regulator before 1 February 2022
  • comply with the remainder of POPIA – failure to do so will attract penalties

​Organisations who perform the following activities are required to obtain prior authorisation from the Information Regulator:​​

  • Processing unique identifiers (for example, bank account details, identity numbers or telephone numbers) of data subjects for a purpose other than the purpose for which the identifier was specifically intended at collection, with the aim of linking the information with information processed by other responsible parties.
  • Processing criminal behaviour or illegal, objectionable conduct on behalf of third parties.  An example of this includes service providers who are contracted to perform criminal record checks for employers prior to offering employment to a prospective candidate.
  • Processing information for credit reporting (for example credit bureaus).
  • Transferring special personal information or personal information of children to a third party in a foreign country that does not have adequate data protection laws.
    • Tip: if you use cloud service providers to store your organisation's data, find out which country their servers are based in – you may unintentionally contravene the requirement to obtain prior authorisation if their servers are based in a country without sufficient data protection laws.

For more information about the requirement to obtain prior authorisation, please click here.

Advertisement

Written by Peter Grealy & Dario Milo from Webber Wentzel

 

EMAIL THIS ARTICLE      SAVE THIS ARTICLE ARTICLE ENQUIRY

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options
Free daily email newsletter Register Now
Register Close