Skip to main content

Grace period for PoPI compliance nearly over

| Legislation

Company executives must act swiftly, the grace period for compliance to the Protection of Personal Information Act (PoPI) is nearly over. For the first time, the South African National Assembly voted in favour of the appointment of an Information Regulator for PoPI.

Parliament voted for the five nominated candidates to run the newly formed office of the Information Regulator and will now be referred to the Minister of Justice and Correctional Services.

The PoPI Act will hold organisations liable for the safety of their information. Companies could face increased data protection and disposal costs, massive fines, civil claims and reputational damage claims if they fail to upgrade information technology security systems ahead of the implementation of the Act.

Xperien CEO Wale Arewa is excited about this decision. He says it impact both the consumer and the economy positively.

“It will force companies to change their processes to ensure that the personal information and data they collect is protected.

“The small guy whose rights have been violated by data breach will now have recourse to take on corporate companies. This was previously unthinkable, considering the cost implications of putting together a case for high court litigation. Many aggrieved consumers have resigned to the bully tactics of cavalier corporate companies,” he explains.

The new regulations will make it easier and less risky for multinationals to do business in South Africa. Many have resisted doing business due to a lack in data protection laws, that could leave them exposed to data breach and it dire consequences.

"Company executives responsible for IT asset management need to understand the principles of IT Asset Disposal (ITAD) and they need to consider regulatory compliance and the protection of company information. IT disposal has legislative requirements, compliance to PoPI," he says.

Arewa suggests the PoPI Act will have serious consequences in the near future. “It won’t be long before we start reading about companies that have been fined for non-compliance and this in turn will encourage other companies to adopt the principle of ITAD, which will ultimately protect companies from reputational loss.”

Not only is the introduction of mandatory protection of personal data a huge challenge for companies, but now organisations are being prompted to rethink how they approach the reuse, recycling or recovery of their eWaste.

"The office of the Information Regulator will determine whether Government and business respect the privacy rights of data subjects or not,” he concludes.


Related Articles

SARS wants to change VAT collection in South Af...

The South African Revenue Service (SARS) has published a discussion paper on ways to modernise the VAT collection process.

Pick n Pay: Retailer must compensate Springbok ...

by Ahmed Areff – News24 Pick n Pay has been found liable by the Western Cape High Court for damages claimed by Maria Williams, wife of the late Springbok winger Chester Williams, who was injured after slipping and falling at one of its supermarkets.

Massive shake-up for shopping malls in South Af...

Over 2,000 shopping malls and retail centres in South Africa are in for a major shake-up as retail group Spar joins Pick n Pay and Shoprite in bringing an end to long-term exclusive lease agreements.

New rules for sharing content on WhatsApp, Face...

The Film and Publications Board (FPB) has published three new documents that serve as industry codes and guidelines on how to handle “harmful content” on various online platforms and peer-to-peer networks in South Africa.

New laws for businesses in South Africa – takin...

The Department of Trade and Industry and Competition has gazetted its intention to submit the Companies First and Second Amendment Bills to parliament in August 2023.