The PoPIA rules were updated before the July 1 deadline

Startup Stories


The South African Information Regulatory Authority has announced that there will be no deadline for the registration of Information Officers and Deputy Information Officers. By June 30, 2021, the responsible party will not be liable for non-registration.


The information regulator said in a statement on Tuesday that this decision was made following technical glitches in the registration portal and several concerns raised by the responsible parties regarding the registration process.

“The regulator is currently looking at alternative registration procedures and will communicate this in due course. We understand that our portal failure has caused a lot of anxiety and panic and we sincerely apologize for that,” said the regulator’s chairman, Pansy Thlakula.

The registration of the Chief Information Officer of several legal entities is considered and allowed.

The registration portal is being configured to accommodate these changes. It will be announced when the registration portal is updated.

POPIA will still apply.

“The Protection of Personal Information Act (PoPIA) was announced by the President of South Africa in June 2020, with enforcement powers effective from 1 July 2021. The data controller has given responsible parties a one-year grace period to comply with the PoPIA.

“Responsible entities will be required to appoint and register their data officers with the data controller and apply for prior authorization before processing personal data, among many other duties to be POPIN compliant,” the regulator said.

Increased participation from responsible parties with the regulator. As this PoPIA enforcement powers approaches and less than 10 days remain.

In addition, the regulator has extended applications for prior authorization under section 57 (1) and section 58 (2) to February 01, 2022.

Responsible parties must obtain prior consent from the controller prior to any processing of personal data that the responsible party intends to:

  • Process any unique identifiers of the data subject.
  • Processing information on criminal behavior or illegal or objectionable conduct on behalf of third parties.
  • Processing information for credit reporting purposes.
  • Transfer children’s specific personal data or personal data to foreign countries that do not have an adequate level of protection for the processing of personal data.

The Information Commissioner will take over the Access to Information Act (PAIA) function from the South African Human Rights Commission (SAHRC) from 30 June.

If the public wants to file a complaint, they can approach the inspector for a ruling or approach the court directly.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *