Page 30 - Q&A

Are there any sector codes for POPIA yet?


            March 2020
            “My retail business has an online store where we sell and deliver to South African
            clients. With POPIA looming we want to ensure that we comply with any specific
            industry requirements on how we must process information via our online store.
            Can you give guidance in this regard?”
            Commercial

            Although the Protection of Personal Information Act (“POPIA”) was signed into
            law in 2013, to date not all provisions of POPIA have come fully into effect, with
            the coming into force of certain provisions dependent on the preparedness
            of the Information Regulator. The Information Regulator however recently
            requested the President to declare that the remaining provisions of POPIA
            commence on 1 April 2020, which would mean that if the President acts on the
            Information Regulator’s request, then the remaining provisions will take effect on
            31 March 2021. With the current coronavirus pandemic, this has not yet
            happened, but may still happen soon.

            POPIA essentially obliges responsible parties to act in a prescribed manner
            when processing personal information.  To this end, POPIA empowers the
            Information Regulator to, either by its own initiative after consultation with
            the relevant stakeholders, or by application of a body, industry, profession or
            vocation, issue codes of conduct for how enterprises belonging to a specific
            body, industry, profession or vocation should comply with POPIA. This approach
            provides the option for a more detailed and specific approach to be taken by
            sectors and industries and so concretise specific measures or good practices
            for compliance in that sector or industry.

            Importantly, these codes do not replace POPIA but are intended to operate in
            support of POPIA and explain how the relevant business will comply with POPIA
            in its specific context. The Information Regulator has recently issued a set of
            draft Guidelines on Drafting Codes of Conduct Issued Under the Protection of
            Personal Information Act, 2013 (Act No. 4 Of 2013) (“Guidelines”) to serve as
            an interpretative aid, to assist stakeholders in sectors and industries to develop
            codes of conduct.

            The Guidelines provide guidance on what should be included in such codes
            of conduct as well as the process for submitting and having the Information
            Regulator approve a code of conduct. As the Guidelines are still in draft
            format, one must assume that for the moment there are no approved codes of
            conduct yet in force, although some sectors and industries are already involved
            in preparing codes of conduct for businesses in their sectors or industries.

            Our advice is to make contact with the primary regulator of your specific
            industry or sector to hear if there is any guidance, albeit in draft form, available
            for your business to align itself with so long. If not, remember that your business




