The Protection of Personal Information Act (POPI) is expected to be introduced soon, bringing with it a host of new changes regarding privacy laws in South Africa. Chief among these are new protections for every day South Africans as well as a number of mandatory changes for businesses in South Africa.
Associate at Norton Rose Fulbright, Tatum Govender says that, while the official date for POPI’s implementation hasn’t been announced yet, South African companies will have just 12 months from the commencement date to ensure they are compliant. At this point, South Africans consumers may request a takedown of any personal information stored by a South African business, following the prescribed manner. In addition, the requester must provide adequate proof of identity.
Govender noted that, in addition to the take down requests, companies will also no longer be allowed to keep excess information, and can only keep copies which are required for a specific, legitimate purpose.
Govender said that, in addition to action taken by the information regulator, certain actions are outright offences (eg. obstructing the Regulator) and may result in immediate criminal prosecution or administrative fines. With such a big change being required of South African businesses, and questions of who will enforce the new laws, it is believed that many companies may opt to simply take the fine.