POPI & PAIA - who, what and when?

In this post we take a short look at what POPI and PAIA entails, who it applies to and when you need to do what. Obviously, this is a oversimplified summary created for short attentions spans. The work itself is much more in depth. Contact us if you do not have it in place yet and we can assist you with your POPI needs.

POPI

Many of you might vaguely recall the term POPI (Protection of Personal Information Act) but do not really know what to do with it and by when. The new regulations that come into full effect on 1 July 2021 mean every business in South Africa need to comply with them. This is in line with global trends to better guard personal information of clients, as can be seen in the EU with GDPR (General Data Protection Regulation).

What is it?
It deals with the management of client data and everything related thereto. In short, one would need the following to comply:

• a POPI policy that is developed, monitored and maintained
• appoint an Information Officer
• Perform an impact assessment/GAP analysis on the business relating to POPI
• Training and awareness is conducted on POPI

PAIA

POPI should also be read with PAIA (Promotion of Access to Information Act). This Act only applies to certain companies with 50 or more employees and in certain sectors. Read more about whether you need to comply here or contact us for advice. The deadline for compliance on PAIA was extended to 30June 2021.

What is it?

PAIA is focused on providing the public with access to records of companies in a structured manner. Generally speaking if a company needs to comply with this law it needs to have

• a PAIA Policy
• appoint an Information Officer
• Submit the Policy to the SAHRC

As always, contact us if you need help putting this in place.