South Africa’s Data Protection Law now in force
A transitional period until July 2021 gives organisations some breathing space. By Nerushka Bowan of the L.I.T.T. Institute, South Africa.
The South African Protection of Personal Information Act, 2013(1) (POPIA or the Act) took its final steps towards full enactment after a seven-year wait. On 22 June 2020, the President proclaimed the commencement date of 1 July 2020 for the substantive provisions of the Act. Organisations are granted a 12-month transitional period in order to become compliant before facing any enforcement action. The grace period ends on 30 June 2021, and enforcement begins on 1 July 2021.
The terms “personal information”, “responsible party”, “Information Regulator” and “information officer” in POPIA have similar meaning to the terms “personal data”, “data controller”, “supervisory authority” and “data protection officer” in the GDPR, respectively.