1. The President signed certain sections of the Protection of Personal Information Act, 2013 (“POPI”) into law on 11 April 2014.
  2. POPI seeks to promote the protection of personal information processed by public and private bodies. It introduces certain conditions which establish minimum requirements for the processing of personal information in South Africa.
  3. Section 1, Part A of Chapter 5, section 112 and section 113 are the sections that have become effective.
    • Section 1 is POPI’s definitions section.
    • Part A of Chapter 5 provides for the establishment of the Information Regulator, its powers and various administrative aspects related to it.
    • Section 112 provides for the making of regulations by the Minister of Justice and the Regulator. Such regulations include regulations related to the way in which data processing may be objected to, the way in which codes of conduct may be submitted to the regulator and the way in which complaints may be filed.
    • Section 113 deals with the procedure for making regulations.  It details the processes that the Minister of Justice and the Regulator must follow before publishing final regulations.
  4. It is clear that the process of setting up the structure that will enforce compliance with POPI, has begun.  This is a logical and necessary step, to ensure that by the time all of POPI’s provisions become effective, a fully functional Regulator is in place.
  5. Public and private organisations that have not begun preparations for when POPI becomes fully effective, should regard this as a sign that preparations to comply are becoming increasingly necessary and urgent.
  6. A copy of Notice No.: R25 published in Government Gazette No.: 37544 can be found here.[1]