Even organisations that initially took a proactive approach to privacy compliance, by performing privacy maturity assessments / gap analyses, have put their privacy remediation plans on hold while awaiting an effective date.
Since April 2014, when parts of the Protection of Personal Information Act (“POPIA”) became effective, many clients were eager to know when they would need to comply with POPIA. In other words, when would the substantive provisions regulating the processing of personal information come into effect?
One year turned to two, then three and then before we knew it six years passed without the announcement of an effective date for the majority of the substantive provisions. This has resulted in many organisations becoming complacent in their privacy journey asking us, tongue-in-cheek, “Will POPIA become effective in our lifetime?”
© 2020 KPMG Services (Pty) Limited, a South Africa private company and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved.
KPMG International Cooperative (“KPMG International”) is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.