POPIA unpacked: What you Need to Know

by Peter Grealy, Nozipho Mngomezulu, Karl Blom, Wendy Tembedza

After years of start and stops – virtually all the operational provisions of the Protection of Personal Information Act 4 of 2013 (POPIA)  finally came into force on 1 July 2020. All businesses and public bodies will be affected.

This development impacts every public and private body in South Africa. The infographic below provides an overview of the instances in which POPIA will apply to processing activities and the obligations which come with POPIA. There is a 12-month grace period – until 30 June 2021 by which to comply with the comprehensive requirements set out in POPIA and non-compliance can result in significant penalties – up to 10  years’ imprisonment and/or ZAR10 million in administrative fines. 

POPI’s reach is wide – it regulates all organisations who process personal information, – information about employees, customers, suppliers and those who outsource key processing activities, share data offshore, or engage in direct marketing.