The Protection of Personal Information Act (POPIA) comes into force on the 1st July. This is a reminder for companies to have an Information Officer and a deputy. It is also a reminder of customer database users that one must have written permission to send recipients information as well as to store such information. 

Let us not fall into the trap of believing this law will have no legs, because the recipient will be the first to complain, just as we have done with the scam list purveyors claiming to have visitor list from Frigair 2021 and PlumbDrain 2020 – neither of which were held due to Covid (see our ‘Caution – scam’ story here).

Developments ahead of enforcement powers coming into effect

The Information Regulator has confirmed that there will be no deadline for registration of Information officers (IO) and Deputy Information Officers (DIO); this means that no responsible party will be held liable for not registering by 30 June 2021. This decision follows technical glitches with the registration portal and numerous concerns raised by responsible parties regarding the registration process.

“The Regulator is currently looking into alternative registration processes and will communicate this in due course. We understand that our portal malfunctioning has caused a lot of anxiety and panic and for that we really do apologise,” said Chairperson of the Information Regulator, Advocate Pansy Tlakula.

The registration of a Chief Executive Officer (CEO) as an Information Officer for multiple legal entities has been taken into consideration and it will be permissible. The registration portal is currently being configured to accommodate these changes. When the registration portal has been updated it will be announced.

The Protection of Personal Information Act (POPIA) enforcement powers as promulgated by the President of South Africa in June 2020 will still be coming into effect as of the 1 July 2021. The Information Regulator had thus afforded responsible parties a one-year grace period to be compliant with POPIA. For responsible parties to be compliant with POPIA they are required amongst many actions to appoint and register their Information Officers (IO) with the Information Regulator and apply for Prior Authorisation before processing personal information. There has been an exponential increase for engagement from responsible parties with the Regulator as the POPIA enforcement powers draw closer and are less than ten (10) days away. 

Furthermore, the Regulator has extended the applications for Prior Authorisation in terms section 57 (1) subject to section 58 (2) to 01 February 2022. Responsible Parties must obtain prior authorisation from the Regulator prior to any processing of personal information where that responsible party plans to:

  • Process any unique identifiers of a data subject.
  • Process information on criminal behaviour or on unlawful or objectionable conduct on behalf of third parties.
  • Process information for purposes of credit reporting.
  • Transfer special personal information or personal information of children to foreign countries that do not provide an adequate level of protection for processing of personal information.

The Information Regulator as of 30 June will also be taking over the function of the Promotion of Access to Information Act (PAIA) from the South African Human Rights Commission (SAHRC). Should the public need to lodge a complaint, they may approach the Regulator to adjudicate, or they may approach the court directly.

For more information and enquiries:

General enquiries: sends e-mail)
Codes of Conduct: sends e-mail)
Information Officers: sends e-mail)
Prior Authorisation: sends e-mail)

When measurement matters, talk to us.
We are your media connection locally, into Africa and beyond. 

Contact us


We use cookies

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.