You are correct in that President Cyril Ramaphosa proclaimed 1 July 2020 to be the commencement date of certain important sections of the Protection of Personal Information Act 4 of 2013 (POPIA). These sections include the provisions pertaining to notifying the data subjects when collecting their personal information, the manner of accessing personal information and performing direct marketing using electronic means. Responsible parties, which included all businesses that process (as defined by POPIA) personal information, will have until 30 June 2021 to ensure their compliance with these provisions.
Although 12 months may sound like a long period to establish compliance, it is cautioned that putting the necessary physical and electronic measures in place to satisfy POPIA may not always be so easy and quick to do and your business should immediately commence if it has not already done so. Measures may also be costly, and given that many businesses will be scrambling in these coming months to ensure their compliance, businesses may encounter capacity and availability issues with advisors and experts that are unable to assist due to the high demand.
If one considers that being POPIA compliant is not only a legal necessity but can also help with client confidence, creating business legitimacy and even attracting international partners wishing to work with compliant businesses, it stands to reason that being POPIA compliant is a far more attractive option than the reputational risk of not being compliant, not to mention the fines of up to R10 million and/or the risk of imprisonment.
It therefore stands to good reason that businesses should make haste if they have not yet done so, to assess their POPIA compliance, and where necessary, put the necessary measures in place timeousely, before they get caught with their pants down.
