The Information Regulator in SA published the final Protection of Personal Information (POPI) regulations on 14 December 2018.
The purpose of the POPI Act is to ensure all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information by holding them accountable should they abuse or compromise personal information in any way.
It has been a long road since the original POPI Act was signed by the then president Jacob Zuma and published in the Government Gazette on 26 November 2013.
A Business Report article published in December 2018 highlights what everyone needs to know about the Regulations. Click here to read more.
In a related ITWeb article law firm Michalsons comments as follows:
“For those who were hoping that these POPI regulations were going to provide practical guidance on how to comply with the POPI Act, I’m afraid you will be disappointed.”
The law firm explains that the regulations are only eight pages long (plus 35 pages of forms) and are largely administrative in nature and therefore do not help organisations to interpret the POPI Act or make it easier for them to comply.
They further add that there are no clear controls and the accountability is still left with the responsible party to apply the conditions to their circumstances.
“This is very much in line with what we have been saying for years; the regulations are not going to substantially change what you must comply with,” Michalsons said.
According to Michalsons the POPI Act regulations are final, but will only commence on a date to be determined by the regulator by proclamation in the Government Gazette.
Click here to download the final Protection of Personal Information (POPI) regulations.