POPIA or POPI Act

Over the last year or so, the term “POPIA” has been prominent in the press and even around the braai.

There has been much hype about how it will affect companies, an individual’s right to privacy, and what action must be
taken if personal information has been divulged in an irresponsible manner. We can all relate to those annoying spam calls where you wonder where the caller got your details from. The over-arching purpose of POPIA is to protect personal data from being misused by other parties who may access such information.

The protection of personal information is not something unique to South Africa. Many countries around the world are adopting similar legislation which ultimately protects an individual or company from being abused or defrauded by having personal information divulged to an unauthorized third party.

Timeline

Regulated by a new Information Regulator, POPIA commenced on 1 July 2020 with a 12 month grace period to get your organisation compliant by the POPIA deadline of 1 July 2021.

POPIA and Kyalami Park

Although most community schemes, such as Kyalami Park, have outsourced service providers that deal with the collection
and processing of information, the information processed by a “Responsible Party” such as a Managing Agent, Estate Manager
or Security Company, ultimately belongs to the scheme. The Chairperson of each scheme will, by default, be the “Information
Officer” who will need to populate a POPIA manual (Regulation 4). The grace period for having a formal manual in place comes
to an end 30 June 2021. The manual will cover the following:

  • Encourage compliance with conditions for the lawful processing of personal information
  • Deal with requests made pursuant to POPIA (by the Information Regulator or data subjects and in line with other legislation pertinent to the scheme)
  • Deal with internal measures which outline the process
  • requests for access for information.