The long awaited establishment of the office of the Information Regulator in terms of the Protection of Personal Information Act (“POPI”) has now taken place, with former IEC chairperson Pansy Tlakula at the helm. The Information Regulator is tasked with seven specific and one general duty in terms of section 40 of POPI. These include:
- Educating people about the new data processing requirements of POPI, including new rights for consumers
- Monitoring and enforcing compliance with POPI (which includes imposing hefty penalties)
- Consulting with stakeholders about data processing, including playing the role of a mediator
- Dealing with complaints, including investigating them and resolving disputes
- Conducting research and reporting to parliament on data processing trends abroad and possible incorporation into our law
- Participating in cross-border initiatives relating to privacy laws
With so many important, and specialised functions, one hopes that the Information Regulator will be recruiting a great number of experts and that this has been allowed for in its budget. The creation of the Regulator has been seen as a final step before POPI can be implemented and we can probably expect a proclamation to that effect fairly soon. Once such proclamation has been made, businesses will have a grace period of 12 months within which to become POPI compliant, whereafter very stiff penalties will apply.