This website uses cookies to ensure you get the best experience. If you continue to use this site without changing your cookie settings we assume you consent to the use of cookies on this site.

find an article

technology, media and telecommunications (TMT) | 22 Jun 2020
BY Ridwaan Boda , Era Gunning , Rakhee Dullabh AND Wilmari Strachan

technology, media and telecommunications (TMT)

POPIA to commence soon

The much anticipated and deeply needed Protection of Personal Information Act, 2013 (“POPIA”), which gives effect to the constitutional right to privacy in South Africa, will soon commence.

Certain provisions of the Act, including those relating to the establishment of the Information Regulator, were implemented in April 2014. Several of the remaining sections could only be put into operation at a later stage as they required a state of operational readiness for the Information Regulator to assume its powers, functions and duties in terms of POPIA.

The commencement of the remaining sections have now been proclaimed by the President of South Africa as follows:

  • Sections 2 to 38, sections 55 to 109, section 111 and section 114 (1), (2) and (3) will commence on 1 July 2020. These are the essential parts of POPIA and pertain to:
    • the conditions for lawful processing of personal information,
    • the regulation of the processing of special personal information;
    • Codes of Conduct issued by the Information regulator;
    • procedures for dealing with complaints;
    • provisions regulating direct marketing by means of unsolicited electronic communication, and general enforcement of the Act.
  • Sections 110 and 114(4) will commence on 30 June 2021. These sections pertain to the amendment of laws and the effective transfer of functions of the Promotion of Access to Information Act, 2000 from the South African Human Rights Commission to the Information Regulator.

What does this mean? In terms of POPIA, all organisations must be POPIA compliant by 1 July 2021, but should attempt to comply with the provisions of POPIA as soon as possible. As a start, here are some points to consider:

  1. the appointment of an information officer;
  2. what should the compliance framework look like;
  3. updating contracts;
  4. drafting and then implementing the right policies; and
  5. establishing the appropriate controls and processes to ensure the compliance framework is effective.

For further analysis of privacy legislation and compliance, please refer to our privacy in brief newsletters. Our recent POPIA “must haves” article elaborates on ENSafrica’s POPIA toolkit.

Feel free to contact us about how we can help you on the POPIA compliance journey.


Ridwaan Boda

Executive | Technology, Media and Telecommunications

+27 83 345 1119


Wilmari Strachan

Executive | Technology, Media and Telecommunications

+27 82 926 8751


Era Gunning

Executive | Banking and Finance

+27 82 788 0827


Rakhee Dullabh

Senior Associate | Corporate Commercial

+27 82 509 6565