What does the POPI Act Draft Regulations mean for you?

What does the POPI Act Draft Regulations mean for you?

After the Protection of Personal Information (POPI) Act Draft Regulations were gazetted in September 2017, they are expected to be published in April 2018 after comments and suggestions were considered.

The Draft Regulations are basically more detailed rules and procedures on the practical application of the POPI Act. An assessment of the Draft Regulations demonstrate that they are practical and relatively uncomplicated.

What is the role of the POPI Act Draft Regulations?

The Draft Regulations set out the following:

  • The process of lodging an objection on processing information.
  • How to request the destroying, deletion and or making a correction of record of information.
  • How to apply for the issuing of a code of conduct.
  • How to request consent for the processing of information for the purpose of direct marketing by means of unsolicited electronic communication.
  • The process of submitting a complaint.

The Draft Regulations also stipulates that the Information Regulator can decide to act as conciliator and or mediator at any time during an investigation with regards to interference of the protection of personal information of a data subject.

What does this mean for a business in South Africa?

The greatest and most significant focus for South African businesses should be Regulation 4 of the Draft Regulations, dealing with and increasing the responsibility that an information officer already have in terms of the POPI Act. Regulation 4 clearly states that the Information officer will have to ensure that:

  • A compliance framework is developed, implemented and monitored.
  • Adequate measures and standards exist in order to comply with the lawful processing of personal information.
  • A manual is developed for the purpose of the Promotion of Access to Information Act.
  • This manual is available on the business’s website and at their offices.
  • The business have internal measures and adequate systems to process requests for, or access to, information.
  • The business have conducted awareness sessions regarding the POPI Act, Regulations made in terms of the act, any codes of conduct and or information received from the Information Regulator.

Businesses must ensure their current policies and procedures drafted and provided by their legal advisor are in place and updated. If not, make an appointment as soon as possible with your legal advisor to review your business situation and discuss possible remedies to get back on track.


Altus de Wet is a SEESA Consumer Protection & POPI Legal Advisor at our Bloemfontein office.


Leave a reply

Your email address will not be published. Required fields are marked *