Countdown for compliance with Protection of Personal Information Act

Thursday, March 25, 2021

With less than 100 days for public and private bodies to be compliant with the Protection of Personal Information Act (POPIA), the Information Regulator of South Africa is accepting applications for the approval of codes of conduct.

“Failure to comply with certain provisions of POPIA may result in the Information Regulator (IR) imposing an administrative penalty of up to R10 million as of 1 July 2021 or to imprisonment for a period not exceeding 10 years, or to both a fine and such imprisonment,” the regulator said on Wednesday.

The Act promotes the protection of personal information processed by public and private bodies and seeks to balance the right to privacy against other rights, such as access to information.

In preparation for the full implementation and enforcement of POPIA on 1 July 2021, the IR has prioritised the consideration of applications for approval of codes of conduct.

“The guidelines to develop codes of conduct, as well as the standards for making and handling complaints under approved codes of conduct were gazetted on 19 February 2021 and are available on the website.

“This means that the IR can now receive applications for codes of conduct and those applications may be sent to,” the regulator said.

The IR is currently processing public comments received on the draft guidelines for registration of information officers.

The guidelines for registration of information officers will now be called Guidance Note on Information Officers and Deputy Information Officers.

“It is anticipated that the Guidance Note on Information Officers and Deputy Information Officers will be published on the website on or before the end of April 2021 and registration will commence on 1 May 2021. An online registration portal for registration of Information Officers will be established,” the regulator said.

A Guidance Note on application for Prior Authorisation was issued by the IR on 11 March 2021 and is available on the IR website.

Accordingly, responsible parties may submit their applications for Prior Authorisation to the email address,

The IR is in the process of finalising the following prioritised documents:

- Guidance Note on Exclusions and Exemptions from POPIA;

- Template for notification of security compromises in terms of section 22 of POPIA; and

- Guidance Note on processing of personal information across borders. -