The POPIA Act established a legal juristic person known as the Information Regulator, which:
- has jurisdiction throughout the Republic;
- is independent and is subject only to the Constitution and to the law and must be impartial and perform its functions and exercise its powers without fear, favour or prejudice;
- must exercise its powers and perform its functions in accordance with this Act and the Promotion of Access to Information Act; and
- is accountable to the National Assembly.
The Regulator’s powers, duties and functions are to:
- provide education, including the promotion of understanding and acceptance of the
Conditions of Lawful Processing of Personal Information;
- monitor and enforce compliance through the powers vested in it by the legislation;
- consult with interested parties on a national and international basis;
- handle and investigate complaints;
- conduct research and report to Parliament on international developments;
- assist in the establishment and development of codes of conduct;
- facilitate cross-border cooperation in the enforcement of privacy laws with other jurisdictions;
- and generally, do everything necessary to fulfil these duties, and foster a culture which protects personal information in South Africa.
- Furthermore, a person acting on behalf or under the direction of the Regulator has a due to uphold confidentiality except if the communication of such information is required by law or in the proper performance of his or her duties.
Failure to comply with POPIA, could lead to:
- A complaint lodged with the Information Regulator
- Receiving a civil claim for payment of any damages
- Criminal Prosecution; if convicted there could be a fine up to R10 million or a prison sentence up to 10 years.
Benefits of POPIA:
In promoting transparency and openness increases customer trust in the organisation. Compliance to the Act involves capturing the minimum required data, ensuring accuracy, and removing data that is no longer required. These measures should improve the overall efficiency and reliability of the organisation’s databases.