POPIA

POPIA

POPI Act Foreword

POPI Act (POPIA) > The Information Regulator will begin the enforcement of the POPI Act and PAIA starting July 1, 2021. Every public or private entity must register an information officer and/or deputy information officer by March 31, 2021.

Protection of Personal Information Act (POPIA) provides privacy rights and consumer protection for South Africans.

Key sections of the POPI Act took effect on Jul 1, 2020. All businesses, public entities, non-profit organizations, and any other entities must address compliance in a short time, and with minimal impact on the budget. Large companies have teams already working on POPIA.

Most mid-size and small businesses are unaware of the law. They need to engage their legal and IT teams to implement POPIA. Nearly all entities believe that POPI Act means prevention of SPAM, calls from telemarketers, and the ability to opt-out of digital marketing.

This is one of the rights in the POPI Act, and so are several other rights including delete my data, correct my data, objection to processing, and many others.

What is POPIA?

The Protection of Personal Information Act (POPIA Act) 4 of 2013 aims:

  • to promote the protection of personal information processed by public and private bodies;
  • to introduce certain conditions so as to establish minimum requirements for the processing of personal information;
  • to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000;
  • to provide for the issuing of codes of conduct;
  • to provide for the rights of persons regarding unsolicited electronic communications and automated decision making;
  • to regulate the flow of personal information across the borders of the Republic; and
  • to provide for matters connected therewith.

The POPI Act

PREAMBLE

RECOGNISING THAT—

  • section 14 of the Constitution of the Republic of South Africa, 1996, provides that everyone has the right to privacy;
  • the right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information;
  • the State must respect, protect, promote and fulfil the rights in the Bill of Rights;

AND BEARING IN MIND THAT—

  • consonant with the constitutional values of democracy and openness, the need for economic and social progress, within the framework of the information society, requires the removal of unnecessary impediments to the free flow of information, including personal information;

AND IN ORDER TO—

  • regulate, in harmony with international standards, the processing of personal information by public and private bodies in a manner that gives effect to the right to privacy subject to justifiable limitations that are aimed at protecting other rights and important interests,

POPIA Guarantee

The Constitution of South Africa guarantees the most general right to privacy for all its citizens. This provides the main protection for personal data privacy so far.

The Protection of Personal Information Act 2013 (POPIA) was signed into act, focusing on data privacy and is inspired by other foreign national treaties like the United Kingdom. Minimum requirements are presented in POPI Act (POPIA) for the act of processing personal data, like the fact that the data subject must provide consent and that the data will be beneficial, and POPIA will be harsher when related to cross-border international data transfers, specifically with personal information. The POPIA Act will be in full effective from 1 July 2020.

The recording of conversations over phone and internet is not allowed without the permission of both parties with the Regulation of Interception of Communications and Provision of Communications Related Act (2002).

In addition, South Africa is part of the Southern African Development Community and the African Union.

INFORMATION REGULATOR

THE INFORMATION REGULATOR (SOUTH AFRICA) IS AN INDEPENDENT BODY ESTABLISHED IN TERMS OF SECTION 39 OF THE PROTECTION OF PERSONAL INFORMATION ACT (POPIA) 4 OF 2013. IT IS SUBJECT ONLY TO THE LAW AND THE CONSTITUTION AND IT IS ACCOUNTABLE TO THE NATIONAL ASSEMBLY.

THE INFORMATION REGULATOR IS, AMONG OTHERS, EMPOWERED TO MONITOR AND ENFORCE COMPLIANCE BY PUBLIC AND PRIVATE BODIES WITH THE PROVISIONS OF THE PROMOTION OF ACCESS TO INFORMATION ACT, 2000 (ACT 2 OF 2000), AND THE PROTECTION OF PERSONAL INFORMATION ACT (POPIA), 2013 (ACT 4 OF 2013).

Contact Information Regulator > https://www.justice.gov.za/inforeg/contact.html

POPIA Act Commencement

POPIA (POPI Act) Chapters

POPI Act Regulations Manual

POPI Act > CHAPTER 1 > Definition & Purpose

POPI Act > CHAPTER 2 > Application Provisions

POPI Act > CHAPTER 3 > Conditions for Lawful Processing

  • SECTION 8 – Responsible Party
  • SECTION 9 – Lawfulness of Processing
  • SECTION 10 – Minimality
  • SECTION 11 – Consent, Justification and Objection
  • SECTION 12 – Collection directly from data subject
  • SECTION 13 – Collection for specific purpose
  • SECTION 14 – Retention and restriction of records
  • SECTION 15 – Further processing to comply with purpose of collection
  • SECTION 16 – Quality of information
  • SECTION 17 – Documentation
  • SECTION 18 – Notification to data subject when collecting personal information
  • SECTION 19 – Security measures on integrity and confidentiality of personal information
  • SECTION 20 – Information processed by operator or person acting under authority
  • SECTION 21 – Security measures regarding information processed by operator
  • SECTION 22 – Notification of security compromises
  • SECTION 23 – Access to Personal Information
  • SECTION 24 – Correction of Personal Information
  • SECTION 25 – Manner of Access
  • SECTION 26 – Prohibition on processing of special personal information
  • SECTION 27 – General authorisation concerning special personal information
  • SECTION 28 – Authorisation concerning data subject’s religious or philosophical beliefs
  • SECTION 29 – Authorisation concerning data subject’s race or ethnic origin
  • SECTION 30 – Authorisation concerning data subject’s trade union membership
  • SECTION 31 – Authorisation concerning data subject’s political persuasion
  • SECTION 32 – Authorisation concerning data subject’s health or sex life
  • SECTION 33 – Authorisation concerning data subject’s criminal behaviour or biometric information
  • SECTION 34 – Prohibition on processing personal information of children
  • SECTION 35 – General authorisation concerning personal information of children

POPI Act > CHAPTER 4 > Exemption from Conditions

POPI Act > CHAPTER 5 > Supervision

POPI Act > CHAPTER 6 > Prior Authorisation

  • SECTION 57 – Processing subject to prior authorisation
  • SECTION 58 – Responsible party to notify Regulator if processing is subject to prior authorisation
  • SECTION 59 – Failure to notify processing subject to prior authorisation

POPI Act > CHAPTER 7 > Codes of Conduct

  • SECTION 60 – Issuing of codes of conduct
  • SECTION 61 – Process for issuing codes of conduct
  • SECTION 62 – Notification, availability and commencement of code of conduct
  • SECTION 63 – Procedure for dealing with complaints
  • SECTION 64 – Amendment and revocation of codes of conduct
  • SECTION 65 – Guidelines about codes of conduct
  • SECTION 66 – Register of approved codes of conduct
  • SECTION 67 – Review of operation of approved code of conduct
  • SECTION 68 – Effect of failure to comply with code of conduct

POPI Act > CHAPTER 8 > Marketing

POPI Act > CHAPTER 9 > Transborder Information

  • SECTION 72 – Transfers of personal information outside Republic

POPI Act > CHAPTER 10 > Enforcement

POPI Act > CHAPTER 11 > Fines, Offences & Penalties

POPI Act > CHAPTER 12 > General Provisions

POPIA Chapters 1 – 12

Protection of Personal Information Act (POPI Act) or POPIA South Africa | POPI Act Compliance | Information Regulator | Chapters | Sections | POPI Act Compliance Plan | POPIA Chapters 1-12 | POPIA Sections 1 – 115

POPIA Act South Africa Reference Guide & Compliance Checklist | Translate POPIA Regulations to Afrikaans, English, Xhosa, Zulu

Translate
error: Protected Content
POPIA