The President approved (signed) the Protection of Personal Information Act (POPI) on 19 November and it was gazetted on 26 November, which means it is now law. As we expected, the President did not send it back to Parliament and the version he signed is the same as the last version of the Bill, B9D-2009. So, for those of you who were working off that draft, nothing has changed. If you were working off an earlier draft, you need to check what is different between the version you know and the signed one. We can help you with this.

Get a copy of the law

You can download the signed version of the Protection of Personal Information Act 4 of 2013, which is in both English and Afrikaans. The President signed the English version. We have created a version with just the English sections and without the schedules, which is easier to print. Download it here.

When will it commence?

Although the President has signed it, it will only commence on a date to be proclaimed by the President. We don’t know when he will do this, but it will probably be about six months. The Information Regulator needs time to establish itself. The commencement could also be staggered.

Grace period

There will also be a grace period of one year from the date of commencement. It is possible that the grace period could be extended once for a further three years. You will have this year grace period to ensure that all your processing of personal information complies with POPI. So, you effectively have about 18 months from now to ensure all your processing complies.

You need to act now

If you have not yet done anything to comply with POPI, you need to act now.

If you want to find out more about POPI, we are running seminars, workshops and training on POPI.

We are currently helping many organisations to comply with POPI. We are expert practical legal advisers with experience on POPI. If you would like to find out more about how we can help you, click here.