“Don’t Panic” (Douglas Adams, Hitchhiker’s Guide to the Galaxy)
Almost every business in South Africa will be affected by POPI (the Protection of Personal Information Act), but don’t be misled by the many articles and media reports doing the rounds that imply you are at immediate risk of non-compliance. No general commencement date has yet been set, and even when it is, we will still have at least a full year thereafter to comply.
Having said that, there’s certainly merit in being prepared. In a nutshell, build your compliance program around identifying what personal data you hold, why and under what authority you hold it, and how secure it is.
But don’t panic if you haven’t started on that yet. When a commencement date is actually announced (hopefully in the not-too-distant future, now that the way is cleared for the appointment of an Information Regulator) we’ll let you have some practical advice on how to go about preparing for compliance.