Commencement dates
The one-year grace period that was afforded to responsible parties to be compliant with the Protection of Personal Information Act (POPIA) came to an end on 30 June 2021. Responsible parties are now expected to be compliant with the provisions of POPIA as of 1 July 2021.
However, the Information Regulator announced that the commencement date of section 58(2) dealing with applications for Prior Authorisation will be extended to 1 February 2022. Responsible Parties must obtain prior authorisation from the Information Regulator prior to any processing of personal information where the responsible party intends to:
- Process any unique identifiers of data subjects.
- Process information on criminal behaviour or on unlawful or objectionable conduct on behalf of third parties.
- Process information for the purposes of credit reporting.
- Transfer special personal information or personal information of children to foreign countries that do not provide an adequate level of protection for the processing of personal information.
Registration of Information officers
The Information Regulator has confirmed that there will be no specific deadline for registration of Information officers and Deputy Information Officers. This decision follows technical glitches with the registration portal and numerous concerns raised by responsible parties regarding the registration process. However, once the issues with the online registration portal are resolved the Information Regulator would expect all Information Officers and Deputy Information Officers to be registered.
The Information Regulator also confirmed that the registration portal is being enhanced. There were some challenges with regard to the system not permitting the same natural person to register as an Information Officer on multiple legal entities. The system is being configured to accommodate these changes. When the registration portal has been updated it will be announced.
PAIA functions and Manual
The Information Regulator has taken over the function of the Promotion of Access to Information Act (PAIA) from the South African Human Rights Commission (SAHRC) as of 30 June 2021. As of this date, public and private bodies are not required to submit their PAIA Manual to the Regulator.
In relation to the scope of information that should be covered in PAIA manuals, this has been widened to include matters relating to POPIA. All previously developed PAIA manuals of both public and private bodies must be updated to include provisions relating to POPIA. In order to simplify the compilation process of PAIA Manuals, the Regulator has confirmed that it will publish PAIA manual templates as a guide.
Exemption
Over the last few years, smaller private bodies have been exempted from developing a PAIA manual. This exemption has recently been extended until 31 December 2021 to afford private bodies that are currently exempt adequate time to compile their PAIA Manual. From 1 January 2022, all public and private bodies (including those that are currently exempted) must have their PAIA Manual available at their principal place of business or on their web site, if any.
To read the Exemption, click here.
Service requests and Enquiries
For more information and enquiries, the Information Regulator can be contacted via email using the various mailboxes below:
General enquiries: enquiries@inforegulator.org.za
Complaints (complete POPIA/PAIA form 5):
- PAIAComplaints@inforegulator.org.za – should your PAIA request be denied or there is no response from a public or private bodies for access to records you may use this email address to lodge a complaint.
- POPIAComplaints@inforegulator.org.za – should you feel that your personal information has been violated, you may use this email address to lodge a complaint.
Manual registration of Information Officers:
- Registration.IO@inforegulator.org.za – Manual applications may be submitted to this email address if the registration portal for Information Officers is inaccessible.
Compliance:
- POPIACompliance@inforegulator.org.za – This email address should be used for POPIA compliance matters such as Applications for Prior Authorisations, Applications for Exemption, Applications for Processing of Information of Children, Applications for Processing Special Information, Applications for Codes of Conduct, Security Compromise notices (Data breaches)
- PAIACompliance@inforegulator.org.za – This email address should be used for Requests for assessment of non-compliance with PAIA, Submission of PAIA annual report by public and private and bodies, Requests for access to the records of the Information Regulator.