On the 7th September, the National Assembly voted in favour of Advocate Pansy Tlakula being appointed as the National Information Regulator. This enables the President to proclaim the Protection of Personal Information Act (POPI) effective and operational. In terms of the transitional arrangements contemplated in section 114, organisations would then have 12 months to become compliant, although the Minister could provide for a longer period, not exceeding 3 years.
What do we expect from this appointment?
Europe is celebrating their 21st year of privacy protection, and POPI was modelled on the EU Privacy Directive. The various country specific data protection authorities, have in this period provided significant direction and guidance through regulation, position papers and opinions. South African organisations will expect similar clarity from Advocate Tlakula on a number of POPI aspects. We anticipate the first request to be for the maximum transitional period of 3-years to be provided, followed in close succession with a request for clarity around the breach notification protocols to both data subjects and the Regulator. Guidance will also likely be sought around the specifics of what constitutes appropriate and reasonable information security measures.
However, none of these clarification points should stop the initiation of, or progress with, your organisation’s POPI readiness project.
Don’t react by introducing/spending money on too many interventions. It will take time to get POPI compliant. In the meantime, some quick steps that are cost effective are recommended in or 6 point checklist below:
Have a look at this comprehensive article on Creating a Communications plan for your NGO.
Are you using your prospecting information ethically? See these 5 questions to help you test your prospect information.