Deloitte Legal – Representing Tomorrow
Getting “Regulator Ready”
The commencement date of the Protection of Personal information Act 4 of 2013 (“POPI”) is expected to be announced sometime in 2017, following which organisations could have as little as 12 months to become POPI compliant or “Regulator Ready”
Can organisations become “Regulator Ready” in a year?
In October 2016, Advocate Pansy Tlakula (“Tlakula”) was, through National Assembly recommendation, appointed by the President as the chairperson of South Africa’s long-awaited Information Regulator (“Regulator”), with effect from 1 December 2016. In her recent media briefings, Tlakula advised that the Regulator is currently mobilising its operations, so that the effective date of POPI may be officially declared, triggering the 12-month grace period for compliance.
Tlakula has also indicated that the draft regulations to POPI are being prepared for final review, which will then be made available for public comment, and thereafter be tabled in Parliament. The Regulator is currently implementing all necessary measures to ensure its operational readiness by 2018. Consequently, it is imperative for all organisations handling personal information to become “Regulatory Ready” in the next 24 months.
Key takeouts from this report
The first step that all organisations need to take in order to achieve their POPI compliance objectives, is to design a one to three-year privacy or POPI compliance implementation plan. There are also numerous efficient and cost effective “quick wins” which organisations could initiate and implement to commence their journey to being “Regulator Ready” and demonstrate compliance with POPI, from a data management perspective. These quick wins should ideally be initiated within an organisation’s high-risk areas as far as personal information is concerned.
We look at the;
- The Business Rationale and benefits of Becoming “Regulator Ready”
- We look at the Privacy quick wins to optimise efforts to getting “Regulator Ready”
How can Deloitte help
Organisations (particularly larger organisations) which collect and process Personal Information should immediately set out to become “Regulator Ready” if they have not commenced their privacy compliance journey as yet. Data privacy/POPI compliance is now an integral part of business globally, making becoming “Regulator Ready” of paramount importance, not only from a compliance perspective, but also from a business strategy perspective.
Contact our Subject Matter Experts to assist you in the journey of Getting Regulatory Ready.