​PAIA is the acronym for the Promotion of Access to Information Act and it enables people to gain access to information held by public and private bodies so they may exercise any rights they have in relation to the information. It was historically only applied to government organisations and the legislation was expanded to apply to more businesses.

The PAIA manual does not have to be submitted to any regulator or person at this stage, it is, however, very important that the PAIA manual reflects on your company's website should PAIA apply to your company. There are thresholds' in place to indicate which companies are subject to a PAIA compliance and the rest of the companies that fall beneath these threshold amounts are exempt from having to comply with PAIA.

The PAIA thresholds are as follows, and should your company have this amount of employees of annual turnover per specific sector, you need to have a PAIA Manual in place (this may change from time to time):

The due date for PAIA and POPI is 1 July 2021, and it is immensely important that your company complies within the given due date to prevent any fines or penalties by the regulator.

Please contact us if you require any assistance with your PAIA Manual, we will gladly assist you. You can also go to our website for more information on how to contact us.

Businesses can now register their Information Officers online with the Information Regulator. Businesses must do so without delay to avoid any penalties or regulatory action. The Information Officer is usually the CEO or COO of the company and may delegate some functions to Deputy Information Officers, who must also be registered.

Please ensure that information officers are duly appointed and that the necessary information is submitted.

The online portal of the Information Regulator can be viewed here.
One can also contact the Information regulator on their email address: registration.IR@justice.gov.za .

For more information on registration and responsibilities please see the Guidance Note issued recently on 1 April.

If you need any assistance with rolling out your policies please contact us or see our starter kit on our online store!

In this post we take a short look at what POPI and PAIA entails, who it applies to and when you need to do what. Obviously, this is a oversimplified summary created for short attentions spans. The work itself is much more in depth. Contact us if you do not have it in place yet and we can assist you with your POPI needs.

Many of you might vaguely recall the term POPI (Protection of Personal Information Act) but do not really know what to do with it and by when. The new regulations that come into full effect on 1 July 2021 mean every business in South Africa need to comply with them. This is in line with global trends to better guard personal information of clients, as can be seen in the EU with GDPR (General Data Protection Regulation).

What is it?
It deals with the management of client data and everything related thereto. In short, one would need the following to comply:

• a POPI policy that is developed, monitored and maintained
• appoint an Information Officer
• Perform an impact assessment/GAP analysis on the business relating to POPI
• Training and awareness is conducted on POPI

POPI should also be read with PAIA (Promotion of Access to Information Act). This Act only applies to certain companies with 50 or more employees and in certain sectors. Read more about whether you need to comply here or contact us for advice. The deadline for compliance on PAIA was extended to 30June 2021.

What is it?

PAIA is focused on providing the public with access to records of companies in a structured manner. Generally speaking if a company needs to comply with this law it needs to have

• a PAIA Policy
• appoint an Information Officer
• Submit the Policy to the SAHRC

As always, contact us if you need help putting this in place.