Even organisations that initially took a proactive approach to privacy compliance, by performing privacy maturity assessments / gap analyses, have put their privacy remediation plans on hold while awaiting an effective date.
Since April 2014, when parts of the Protection of Personal Information Act (“POPIA”) became effective, many clients were eager to know when they would need to comply with POPIA. In other words, when would the substantive provisions regulating the processing of personal information come into effect?
One year turned to two, then three and then before we knew it six years passed without the announcement of an effective date for the majority of the substantive provisions. This has resulted in many organisations becoming complacent in their privacy journey asking us, tongue-in-cheek, “Will POPIA become effective in our lifetime?”
© 2021 KPMG Services Proprietary Limited, a South African company with registration number 1999/012876/07 and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.