Extension of compliance with Section 57, in terms of Section 114 of POPIA to 1 February 2022

On 29 May 2021 Business Unity South Africa (BUSA), with the support of its members, addressed a letter to the Information Regulator (Regulator) requesting an extension of compliance with section 57 of the POPI Act.

The Regulator responded to BUSA on 17 June 2021.

In summary the Regulator has, in accordance with section 114(3) of POPIA, decided to extend the commencement date of section 58(2) of POPIA to 01 February 2022.  They published a notice in this regard on their website by 18 June 2021 and this will be in the gazette on or before 25 June 2021. We attach a copy of the notice for your reference.

The above-mentioned extension of the commencement date effectively means that the responsible parties who are processing personal information which is subject to prior authorisation will continue to do so for the next seven (7) months, whilst the Regulator is processing their applications.

Prior Authorisation is required if an entity is going to process information (unique identifiers of data subjects) for a purpose other than the originally intended at collection and with the aim of linking the information together with information processed by other responsible parties.

Please note that notwithstanding the aforesaid extension of the commencement date of section 58(2) of POPIA, responsible parties who process personal information which is subject to prior authorisation must ensure that their applications for prior authorisation are submitted to the Regulator in time, to enable the Regulator sufficient time to process them; and must comply with the remaining provisions of POPIA.

The extension provided for in this proclamation by the Regulator is aimed at providing the Regulator with sufficient time to process all applications before it. It does not represent blanket waiver of compliance for responsible parties. Given the aforementioned and if you have as yet not made application for prior authorisation it is suggested that you await further clarity from the Information Regulator on how the Regulator will deal with information security measures in assessing applications for prior authorisation. The RMI will keep you abreast of developments in this regard.