2 March 2021 by , and Technology, Media & Telecommunications Alert

POPIA update: POPIA regulations are coming into effect and the guideline on the codes of conduct is published

On 26 February 2021, the Guideline to Develop Codes of Conduct (Guideline) was gazetted and notice was given that Regulations issued in terms of the Protection of Personal Information Act 4 of 2013 (POPIA) are coming into effect. In relation to the Regulations, the Government Gazette (No 44191) notified that Regulation 5 (relating to the application for issuing of Codes of Conduct) is effective as of 1 March 2021. Regulation 4 (relating to certain responsibilities of Information Officers) will be effective on 1 May 2021 and the rest of the Regulations will come into effect on 1 July 2021.

Responsibilities of Information Officers

With Regulation 4 being effective as from 1 May 2021, information officers will be required to comply with the following:

  • develop, implement, monitor and maintain a compliance framework;
  • undertake a personal information impact assessment to ensure that adequate measures and standards exist;
  • develop, monitor and maintain an access to information manual required in terms of the Promotion of Access to Information Act 2 of 2000 (PAIA) (commonly known as a PAIA manual);
  • develop internal measures and systems to process requests for information or access; and
  • conduct internal awareness sessions.

This would mean that the Information Regulator is likely to communicate the mechanism or process to allow for the registration of information officers in the coming weeks, in order that information officers may assume their duties.

Issuing a code of conduct under the Guideline

Chapter 7 of POPIA provides for the development of codes of conduct which may apply to certain types of personal information, specific industries, professions, bodies or to specific types of activities. 

The Guideline which has been published, is for the development of codes of conduct by the relevant industry bodies in terms of section 65 of POPIA. The Guideline provides guidance to industry bodies on the making of an application for a code of conduct to be approved by the Information Regulator. The Regulations prescribe the form for such application to the Information Regulator which may be submitted as from 1 March 2021.

With the remainder of the Regulations to commence on 1 July 2021, it is now more important than ever for businesses to ensure that their processing of personal information complies with the provisions of POPIA.

download PDF

The information and material published on this website is provided for general purposes only and does not constitute legal advice.

We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter.

We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages.

Please refer to the full terms and conditions on the website.

Copyright © 2021 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com

You may also be interested in