1 July 2021 was the POPIA deadline in South Africa. After the POPIA commencement date or effective date (which was 1 July 2020) there was a 12-month grace period – so the POPIA deadline was at the end of the grace period. POPIA (South Africa’s data protection law) came into force about eight years after it was enacted in 2013.
Is POPIA currently in force? Is POPIA currently in effect?
Yes, as of 1 July 2020 it is. Responsible parties (known as data controllers in the rest of the world) had one year from that date to ensure that all their processing confirms to POPIA.
What should you be doing now?
Don’t panic – no one is going to jail.
There is no shortage of people trying to sell you offerings related to POPIA: workshops, conferences, tech solutions, programs, online courses, online training, legal services, and consulting services. How do you cut through the noise? We suggest that you ask yourself five questions.
Please note that:
- the PAIA Manual exemption was extended again until 31 December 2021
- the deadline to have prior authorisation has been extended to 1 February 2022
But the overall POPIA deadline was still 1 July 2021.
When did Michalsons think the POPIA deadline will be?
We got asked this all the time because organisations were trying to plan. 1 June 2021 was our best guess based on the information publically available at the time. We were close but it is actually 1 July 2021.
In an interview, the Information Regulator said that they have asked the President to commence POPIA “by the beginning of the financial year” She was referring to the Government financial year that runs from 1 April to 31 March 2020. This means she wanted it commenced by 1 April 2020. This must mean that the information regulator believes they are operational enough for the Act to commence.
The information regulator was appointed on 1 December 2016 for a five-year term which means that their first term will end on 1 December 2021. Surely POPIA needs to be in force or effective by the end of the first term of the information regulator? We think that POPIA has to be in force for about six months before the end of the information regulator’s first term, which is why we think the commencement date will be on about 1 June 2020. There is a 12 month grace period that would then make the POPIA deadline 1 June 2021. There will be lots of attention on data protection on the POPIA deadline and it cannot be on the same date as the end of the information regulator’s first term because it would create too much uncertainty. There needs to be an established information regulator in office to manage the transition from the grace period to POPIA being in full force and effect.
