Many people want to know what the POPI commencement date (or effective date) will be. It is important because the grace period of one year starts running from the commencement date – the clock starts ticking. You must comply with POPI and the Information Regulator will start enforcing POPI one year after the commencement date. Which sections have already commenced and what does this mean? When will the rest commence? What should you be doing when? We are constantly on the lookout for indications of (or the proclamation of) the POPI commencement date (or effective date).

Action you can take

What has already commenced?

Certain sections of POPI have already commenced (under proclamation No. R. 25, 2014), but it is only a few limited sections. The majority of POPI (especially the sections that create compliance requirements) will only commence on a later date to be proclaimed by the President. The sections that have commenced are not of great significance. The wheels have started to turn, but not much has changed. This development does not mean that you should go any faster or slower than you are already going. So which sections have already commenced.

  • The definitions in section 1 – This section does not create any laws itself, but is necessary for other sections.
  • The Information Regulator (Part A of Chapter 5) – Part A deals with the establishment, staffing, powers and meetings of the Information Regulator.
  • Regulations (Section 112) – The Minister and the Information Regulator may now make regulations.
  • Procedure for making regulations (Section 113) – The procedure for making regulations is now in place. There are no regulations yet, just the process is in place to make the regulations. We are not expecting draft regulations before about June.

What is the POPI commencement date or POPI effective date for the rest?

We don’t know for sure. Nobody does. We are waiting for the President to proclaim the date, which will only be after the appointment of the Information Regulator. The commencement date could even be announced when the Information Regulator is appointed. We anticipate that the POPI commencement date will be towards the end of 2016, but no later than 24 May 2017. Bear in mind that there is a one-year grace period that could be used by the Information Regulator to begin the work. We currently anticipate that you will have to comply with POPI from about the end of 2017 and the Information Regulator will start enforcing POPI from then.

What should we do when?

But this does not mean that you should not already be starting the process of complying with POPI. POPI is not going to change. The regulations are not going to change much and will not make you redo work. There will be few (if any) new regulatory requirements in the regulations. You should be raising the awareness of POPI in your organisation and planning what you are going to do to protect personal information. You should start implementing the changes you need to make to comply as soon as possible so that you finish well before the end of the grace period leaving you enough time to check (or review) that you comply.