Reports have been circulating, over the past two days, that South Africa’s Protection of Personal Information Act, 2013 (“POPIA”) could become law on 1 April 2020.
These are certainly credible reports, as the Information Regulator has indeed written to President Cyril Ramaphosa, requesting that POPIA be made effective from the new (national government) financial year.
The Information Regulator’s Chairperson – Adv Pansy Tlakula – was interviewed on news channel eNCA on Saturday 25 January and confirmed that the President had indeed been requested to implement the law from 1 April (and no, notwithstanding the date, it’s not likely to be an April Fool’s joke if it does become law). You can hear the news from the Chairperson herself. Watch this clip:
Why is this announcement significant? It’s important because POPIA affords all parties processing personal information a one year grace period to ensure that they are POPIA compliant. You can be assured that, as much as one year sounds like sufficient time, when it comes to medium and large enterprises, our experience, in assisting them to become compliant, is that one year is probably not enough.
Why are we holding thumbs you may ask? This is because POPIA is likely to have a very positive effect on the South African economy. Being able to comply with minimum privacy standards of economies such as those of the European Union, means that they will be more comfortable doing business with South Africa: particularly business that involves the transfer of personal information to South Africa.
Industries that involve Business Process Outsourcing are likely to benefit the most. A simple example is call centres. They often involve the use of, and reliance on, very sensitive information. Foreign businesses are likely to regard South Africa as a location that presents less legal and compliance risk, because they will need to provide call centres with personal information such as identification numbers, bio-metrics and health related information.
How does this help the South African economy you may ask? It means many South African call centre agent bums in South African call centre seats. In other words lots of jobs.
What is important to remember, is that it’s all up to the President, so a 1 April 2020 effective date is not cut in stone. For it to become law, the President will need to sign the Act and then have the effective date published in the Government Gazette. I have no doubt that between now and 1 April 2020, anyone and everyone in the South African privacy law and data protection space is going to be keeping an eagle eye on the the Government Gazette.
It seems that it’s no longer a case of “cry wolf” as far as POPIA is concerned. Start getting ready!