What is the Protection of Personal Information Act (POPI) and how we can help your business with compliance.
POPI, the protection of personal information act, is a piece of legislation designed to protect any personal information which is processed by both private and public bodies (including government). Some exceptions exist, but every person who collects, stores and otherwise modifies or uses information (i.e. processes information) is responsible under POPI and must comply with the conditions required for the lawful processing of personal information.
Although POPI was signed into law on 26 November 2013, it is not yet effective as a commencement date has not yet been established. Once a commencement date has been established companies will have 12 months to comply.
Appointment of an Information Regulator
The President of South Africa has confirmed the appointment of Advocate Pansy Tlakula as the Chairperson of the Information Regulator and Advocate Lebogang Stroom, Johannes Weapond, Professor Tana Pistorius and Sizwe Snail Ka Mtuze as members of the Information Regulator.
These appointments follow the National Assembly’s recommendation on 7 September 2016. The members have been appointed with effect from 1 December 2016 and will serve a period of five years. It is anticipated that the commencement date for the remaining provisions of the POPI Act will soon follow the appointment of the members of the Information Regulator.
Read our factsheet for more information on the appointment of an Information Regulator.
All organisations that store, collect or process personal information are required to comply.
© 2020 KPMG Services Proprietary Limited, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved.