POPIA update: POPIA regulations are coming into effect and the guideline on the codes of conduct is published

On 26 February 2021, the Guideline to Develop Codes of Conduct (Guideline) was gazetted and notice was given that Regulations issued in terms of the Protection of Personal Information Act 4 of 2013 (POPIA) are coming into effect. In relation to the Regulations, the Government Gazette (No 44191) notified that Regulation 5 (relating to the application for issuing of Codes of Conduct) is effective as of 1 March 2021. Regulation 4 (relating to certain responsibilities of Information Officers) will be effective on 1 May 2021 and the rest of the Regulations will come into effect on 1 July 2021.

2 Mar 2021 2 min read Technology, Media & Telecommunications Alert Article

At a glance

  • The Regulations issued under POPIA will have different effective dates: Regulation 5 (application for issuing Codes of Conduct) was effective from 1 March 2021, Regulation 4 (responsibilities of Information Officers) will be effective from 1 May 2021, and the remaining Regulations will come into effect on 1 July 2021.
  • Information Officers will have specific responsibilities under Regulation 4, including developing a compliance framework, conducting personal information impact assessments, maintaining an access to information manual, implementing systems to process requests for information, and conducting internal awareness sessions.
  • The Guideline to Develop Codes of Conduct has been published, providing guidance for industry bodies to apply for the approval of codes of conduct by the Information Regulator. Businesses need to ensure their processing of personal information aligns with POPIA provisions before the full implementation of the Regulations on 1 July 2021.

Responsibilities of Information Officers

With Regulation 4 being effective as from 1 May 2021, information officers will be required to comply with the following:

  • develop, implement, monitor and maintain a compliance framework;
  • undertake a personal information impact assessment to ensure that adequate measures and standards exist;
  • develop, monitor and maintain an access to information manual required in terms of the Promotion of Access to Information Act 2 of 2000 (PAIA) (commonly known as a PAIA manual);
  • develop internal measures and systems to process requests for information or access; and
  • conduct internal awareness sessions.

This would mean that the Information Regulator is likely to communicate the mechanism or process to allow for the registration of information officers in the coming weeks, in order that information officers may assume their duties.

Issuing a code of conduct under the Guideline

Chapter 7 of POPIA provides for the development of codes of conduct which may apply to certain types of personal information, specific industries, professions, bodies or to specific types of activities. 

The Guideline which has been published, is for the development of codes of conduct by the relevant industry bodies in terms of section 65 of POPIA. The Guideline provides guidance to industry bodies on the making of an application for a code of conduct to be approved by the Information Regulator. The Regulations prescribe the form for such application to the Information Regulator which may be submitted as from 1 March 2021.

With the remainder of the Regulations to commence on 1 July 2021, it is now more important than ever for businesses to ensure that their processing of personal information complies with the provisions of POPIA.

The information and material published on this website is provided for general purposes only and does not constitute legal advice. We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter. We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages. Please refer to our full terms and conditions. Copyright © 2024 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com.