PUBLICATION OF REGULATIONS UNDER POPIA
The Information Regulator, the data protection authority which is responsible for enforcing the South African Protection of Personal Information Act 4 of 2013 (POPIA), published new regulations under POPIA on Friday, 14 December 2018. A copy of the new regulations is available here.
The substantive provisions of POPIA have not yet been brought into effect. The regulations are similarly not in effect and will only commence on a date to be determined by the Information Regulator.
The regulations, like the draft which was published for comment in
September 2017, focus on procedural matters such as the way in which complaints and requests must be submitted to the Information Regulator and data controllers by data subjects; the prescribed form in which complaints and requests must be made; the process that data controllers must follow to request consent from data subjects for direct marketing; and the various ways in which disputes and complaints in terms of POPIA may be resolved.
The Information Regulator advertised a number of executive vacancies on
7 December 2018 for people to fill the roles of chief executive officer and chief financial officer, among others. The expectation is that POPIA, and the new regulations, will be brought into effect in early 2019.