While the Protection of Personal Information Act (POPIA) may take up to two years to be fully implemented, responsible businesses should take steps now to ensure compliance. The act will shift how businesses process and regulate customer information on an integral level.
At its first public briefing on 13 February 2017, Pansy Tlakula, the Information Regulator, addressed the public on the various pressing matters pertaining to POPIA. This included the long-awaited commencement date. The act can only be implemented once the affairs of the Chairperson’s office are in order, which may take up to two years. However, she assured that, while this is a complex and time-consuming process, they understand the urgency of getting POPIA off the ground and will try their best to accelerate this process. If their efforts are successful, POPIA could even launch by the end of 2017.
However, the foundations of POPIA are already being put into place. The process of drafting regulations is underway, and the Information Regulator is undertaking a benchmarking exercise to understand best practices in data protection across the globe. This includes observing the European Union’s new General Data Protection Regulation.
Although a one-year grace period may seem sufficient, it is vital to take steps towards being POPIA-compliant now. This level of compliance will require a thorough review of how your business collects, reviews and shares data, as well as the checks and balances in place to ensure responsible use of data. POPIA’s influence may also extend into the hiring of new staff or restructuring of departments.
At Harty Rushmere, we are able to guide your business through the process of POPIA compliance. For more information, contact us.