The Protection Of Personal Information Act (No 4 of 2013) has been hovering in the background for quite some time already. Its intention is to bring the practices governing data collection and direct marketing in South Africa into line with European standards and guidelines governing these issues, and although the Act was first published in 2013, it has not yet come into full effect.
However, the clock is ticking on its implementation, and as of the date of writing, all that really remains to be done is for the post of “Information Regulator” to be filled and activated. In fact, the first draft set of related regulations were already drawn up in September of last year, and there are potentially serious implications for direct marketing.
POPI was drawn up to be compliant with the General Data Protection Regulations (GDPR) put in place in the EU, and the grace period for complying with the GDPR ends at the end of May this year.
Nobody is quite sure yet when the POPI Act will go into full effect in South Africa though. It could be as soon as the end of this year, or it could be any time in the following year.
As soon as it is implemented, businesses have a 1 year period to bring their data collection practices into alignment with the POPI Act, and given the potential implications for marketing, it’s going to be important to ensure that you are doing it right.
Understanding The POPI Act
Click on the link below to download your own copy of the POPI Act, and find out how it might affect you and the collection of data carried out by your business.
You can also see the first proposed draft regulations related to the act here: POPI Act Regulations Draft