Jul 8, 2020 | Articles, GDPR

POPIA compliance

Howard Freeman

South Africa’s new data privacy law and what it means for you

South Africa’s Protection of Personal Information Act (POPIA) is now law. This is good news for South African citizens and residents, as the aim of the legislation is to protect their personally identifiable information. But what will POPIA compliance mean for companies?

But what does the new law mean for South African organisations?

For some, the answer is: not a great deal. Some South African businesses work with European clients and partners already. Many of these are in finance and telecoms. These businesses have already overhauled their data security in order to comply with the GDPR.

POPIA isn’t a replica of GDPR and will be enforced by a single regulator. In the EU, this number is 27. For those businesses that comply with GDPR, complying with POPIA will be easier but not simple.

For other organisations, however, complying with POPIA will take some work and an investment of time and money.

A survey in 2019 indicated a significant number of South African organisations were not yet ready for POPIA. In fact, 34% claimed they were not ready for full implementation. It is likely that this number hasn’t changed a great deal since.

As of the 1st of July of this year, the organisations have been put on notice. And now it is time for them to get compliant.

Grace period for POPIA Compliance

The good news is that the government has introduced a one-year grace period. Organisations now have the time to get up to speed. However, some critics have questioned whether fully implementing POPIA now is wise. The world is still at the height of a pandemic and this extra burden may place undue hardship on businesses.

Either way, as of the 1st of July of this year, the organisations in the ‘not ready yet’ camp have been put on notice. And now it is time for them to get compliant.

POPIA compliance enforcement is likely to be ruthless

POPIA, which was first passed in 2013, has been a long time coming. Some parts of the regulation passed into law in 2014. Since those initial sections came into effect six years ago, observers have speculated on when the act would come into full force: from sometime in 2019, to 1st April of this year, to 1st July, when the legislation did come into force.

The delays did lead to some frustration amongst South Africans; they were in part attributable to the passing and rolling out of the GDPR. The South African legislators learnt from the EU experience and adjusted POPIA accordingly. This didn’t help businesses with their preparations for POPIA compliance.

Compliance Bottleneck

However, there will no doubt be a bottleneck for businesses to comply with POPIA as demand increases for consultants in South Africa. Such businesses will need the right skills and technologies as the grace period ends. If left until deadline day, July 1st 2021, this demand is likely to be immense. It is possible that some companies won’t be able to get compliant in time. Such businesses will have developed their skills on GDPR.

However, given the time already elapsed, organisations in South Africa have had years to prepare for this. That single fact is why the government will be ruthless in its enforcement of POPIA.

We have the skills to help you today and you can book an initial assessment via Zoom right now. As soon as restrictions are eased we will be in the country to help you.

You can find out more about our service offerings here.

