Protection of Personal Information (POPI) update (22 May 2013)

//Protection of Personal Information (POPI) update (22 May 2013)


Many of our clients are interested in the status of the Protection of Personal Information Bill (POPI). POPI is now the oldest Bill in Parliament and it has taken many years to make its way through the law making process. Many people are frustrated and wonder if it will ever actually become a law. There is absolutely no doubt that it will, but the question is in what form and when. Our clients generally want to know:

  1. Will there be amendments to the current draft?
  2. When will it be enacted?

The answer to the first question is important because you do not want to do things now that you will have to redo if POPI is amended.

The answer to the second question is important because you need to know how long you have to comply. The timeline has a big impact on planning and resourcing.

We attended the session of the NCOP in Parliament yesterday (22 May) to find answers to these two questions.

Proposed amendments

There are some proposed amendments to POPI (version B 9B-2009), but most of them are technical in nature. For example, correcting a spelling mistake or fixing grammar. Or changing “2012” to “2013”. It looks like there will be amendments to the following sections:

  • Section 38 dealing with the exemption of certain functions, like a regulator – not of relevance to private bodies
  • Section 72 dealing with the transfer of personal information outside South Africa – minor changes that will not have an impact on most people
  • Maybe a few other minor changes

So, you can carry on with your efforts to implement POPI in your organisation on the basis that POPI is not going to change much. You will not have to start again when the new version comes out. It does not look like there will be any changes to section 109.

When will it be enacted?

Nobody knows and it depends on a number of factors. But our best guess at the moment is that it will be signed by the President at the end of June 2013 or early July 2013. There are still quite few steps in the formal procedure that need to be followed, but most of the hurdles (issues to be resolved) are out of the way. And the remaining issues will have very little impact on most organisations.

There is no reason why you should wait to start your efforts to comply with POPI. If you have not yet started, you need to do so now.


You can read our live tweets from the NCOP session on 22 May on twitter @michalsons.

If you would like to read POPI, please click here.

By |2017-12-07T07:01:38+02:00May 23rd, 2013|Categories: POPI and Data Protection|Tags: , , |