POPIA unpacked: What you need to know
By Peter Grealy, Nozipho Mngomezulu, Karl Blom, Wendy Tembedza, Webber Wentzel
After years of starts and stops – virtually all the operational provisions of the Protection of Personal Information Act 4 of 2013 (POPIA) finally came into force on 1 July 2020. All businesses and public bodies will be affected. This development impacts every public and private body in South Africa.
The infographic below provides an overview of the instances in which POPIA will apply to processing activities and the obligations that come with POPIA. There is a 12-month grace period – until 30 June 2021 – by which to comply with the comprehensive requirements set out in POPIA; and non-compliance can result in significant penalties – up to 10 years' imprisonment and/or ZAR10 million in administrative fines.
POPI’s reach is wide – it regulates all organisations that process personal information – information about employees, customers, suppliers and those who outsource key processing activities, share data offshore, or engage in direct marketing.
We can offer clients a cradle-to-the-grave service, including POPIA audits, gap analyses, insurance, training, data protection impact assessments, crisis planning for data breaches and expert advice in engaging the Information Regulator and managing litigation.