Practical Guidelines to Prepare for the POPI Act.
Draft Regulations to the Protection of Personal Information (POPI) Act were published in the Government Gazette on Friday, 8 September 2017. The Regulations are short, but provide some information on practical processes that will need to be followed when the POPI Act comes into force.
The Draft Regulations provide guidance on:
• Mechanisms for objecting to the processing of personal information;
• Mechanisms for requesting the correction and removal of personal information;
• Duties and responsibilities of information officers;
• Industry bodies applying for their own privacy code of conduct; and
• Consent required for direct marketing through unsolicited electronic communication.
The Draft Regulations also stipulate how POPI complaints should be submitted, the Information Regulators role in investigations and pre-investigations, how notifications during the investigations will be handled, and how to request an assessment as to whether there has been POPI compliance in a particular situation.
Furthermore, in terms of the POPI Act, additional rules regarding the processing personal information relating to health data may be specified. Various classes of interested parties (including medical schemes and insurance companies) have been invited to provide comments on the creation of these additional rules.
Interested parties have until 7 November 2017 to comment.
For more information, please contact Nick Pemberton