Protection of Personal Information Act news flash

Reports have been circulating that the Protection of Personal Information Act, Act No 4 of 2013 (“POPIA”) is to be implemented on 1 April 2020. Although POPIA became law on 19 November 2013, the parts of POPIA pertaining to the legal requirements for processing of personal information are not yet in effect. 

The Information Regulator recently announced that it has written to President Cyril Ramaphosa requesting that POPIA be made effective from 1 April 2020. However, the commencement date must be promulgated by the President in the Government Gazette in order for it to be effective.

Once implemented, POPIA affords all parties processing personal information one year to ensure that they are POPIA compliant. This means that, if the President acts on the Information Regulator’s request, the compliance deadline will be 1 April 2021.

Parties who process personal information are advised not to wait until the effective date to commence with their POPIA compliance, as it has been our experience that one year is often insufficient time to become fully compliant. 

It is important to note that any person found to be in contravention of POPIA can be liable for a fine of up to R10 Million and/or up to 10 years’ imprisonment.

Our professionals are fully equipped to assist enterprises of any size in their compliance with POPIA, and they can be contacted at or