The Act has been signed into law by the President of South Africa (Jacob Zuma) on 19 November 2013 and published in the Government Gazette Notice 37067 on 26 November 2013. The Act is only partially operational, with a focus on sections 39-54, 112 and 113.
Members of the Information Regulator took office on the 1st December 2016 and endeavour to fully operationalize the Act in 2018. In terms of POPIA, all public and private bodies will be expected to be compliant with its provisions within 1 (one year).
Chapter 3, outlines the conditions for lawful processing of personal information in South Africa. Responsible Parties must ensure that ALL conditions have been met, when processing Personally Identifiable Information (PII) of a natural person and, where applicable, a juristic person.
To comply with Condition 8, Security Safeguards, the responsible party must have due regard to generally accepted information security practices and procedures which may apply to it generally or be required in terms of specific industry or professional rules and regulations.