Earlier this year the coming into effect of PAIA (Promotion of Access to Information Act) for all companies, private or public was extended to December. This meant certain companies were exempt (most companies) and others where not depending on staff size and turnover as well as industry.

This extension of exemption lapses on the 31st of December this year. Many thought they might extend this further but there has been no mention made of any further extensions. Thus, practically all companies in South Africa must as of 1 January 2022 have a PAIA manual on their website or, if they do not have one, they must have it available at their place of business.

Luckily the Information Regulator has made a template available as a suggestion of how this should look so one does not have to fork out money or wonder about the content. It is easy to implement and not much drafting is needed. One can view it here at the bottom of the page - be sure to fill it in correctly and add to your website under the legal section. Compared to POPI, PAIA basically consists of signing off the policy prescribed by the regulator and sticking it on your web page.

Or our clients can access our conveniently formatted version we sent to them and that we've made available on our client portal. If you are not a client you can buy one here.

In closing, I am baffled as to why all companies have to have this kind of policy as it is entirely likely that it will never be used by 99% of all companies. It is very useful if you want to obtain information as a journalist from state owned entities where our rights as citizens are concerned. However, persons will rarely use this as a method of obtaining their own information (freely available from the entities). By the way, people's own information is usually the only information that they care about and this is catered for by POPI.

Like with POPI, I do not see that the regulator will be checking all companies from the get-go to see if this is in place. Better safe than sorry though.

​PAIA is the acronym for the Promotion of Access to Information Act and it enables people to gain access to information held by public and private bodies so they may exercise any rights they have in relation to the information. It was historically only applied to government organisations and the legislation was expanded to apply to more businesses.

The PAIA manual does not have to be submitted to any regulator or person at this stage, it is, however, very important that the PAIA manual reflects on your company's website should PAIA apply to your company. There are thresholds' in place to indicate which companies are subject to a PAIA compliance and the rest of the companies that fall beneath these threshold amounts are exempt from having to comply with PAIA.

The PAIA thresholds are as follows, and should your company have this amount of employees of annual turnover per specific sector, you need to have a PAIA Manual in place (this may change from time to time):

The due date for PAIA and POPI is 1 July 2021, and it is immensely important that your company complies within the given due date to prevent any fines or penalties by the regulator.

Please contact us if you require any assistance with your PAIA Manual, we will gladly assist you. You can also go to our website for more information on how to contact us.

In this post we take a short look at what POPI and PAIA entails, who it applies to and when you need to do what. Obviously, this is a oversimplified summary created for short attentions spans. The work itself is much more in depth. Contact us if you do not have it in place yet and we can assist you with your POPI needs.

Many of you might vaguely recall the term POPI (Protection of Personal Information Act) but do not really know what to do with it and by when. The new regulations that come into full effect on 1 July 2021 mean every business in South Africa need to comply with them. This is in line with global trends to better guard personal information of clients, as can be seen in the EU with GDPR (General Data Protection Regulation).

What is it?
It deals with the management of client data and everything related thereto. In short, one would need the following to comply:

• a POPI policy that is developed, monitored and maintained
• appoint an Information Officer
• Perform an impact assessment/GAP analysis on the business relating to POPI
• Training and awareness is conducted on POPI

POPI should also be read with PAIA (Promotion of Access to Information Act). This Act only applies to certain companies with 50 or more employees and in certain sectors. Read more about whether you need to comply here or contact us for advice. The deadline for compliance on PAIA was extended to 30June 2021.

What is it?

PAIA is focused on providing the public with access to records of companies in a structured manner. Generally speaking if a company needs to comply with this law it needs to have

• a PAIA Policy
• appoint an Information Officer
• Submit the Policy to the SAHRC

As always, contact us if you need help putting this in place.