It has been almost two years since POPI was enacted by the President in November 2013, and the most frequently asked question has been when will the substantive revisions come into effect? Certain parts of the Act were made effective in 2014, but the revisions requiring the lawful processing and protection of personal information still await an effective date. There has been speculation on when the effective date for these provisions will be announced. There has now been some developments in that the Department of Justice (DoJ) has recently called for nominations for the position of Information Regulator. As announced by the DoJ, the appointment of the members of the Regulator will facilitate the commencement of the remainder of the Act.
A number of companies have already started, and some have completed, their compliance programmes in readiness for POPI's effective date. What has become apparent is that the amount of work required in achieving POPI compliance is often underestimated by companies.
KPMG's POPI team is made up of attorneys, IT and other advisory professionals, who are also members of the global KPMG Privacy Practice. We can assist by identifying specific POPI risks for compliance, and at implementing controls to mitigate against those risks.