By Rona Bekker
As if business in South Africa is not hindered enough already by legislative red tape and operational stumbling blocks created by Government’s endless compliance demands and bureaucratic complexity, yet another compliance demand has been added to the pile.
By now, most businesses have been made aware of the looming ‘cut-off date’ for full POPIA compliance, which is the 1st of July 2021. All organisations have been given a year, from the date of inception of the POPI Act, which was 31 July 2020, to implement structures and policies to ensure their compliance therewith.
The POPI Act, like most compliance legislation in South Africa, is written in jargon-laden language and is of an extremely technical nature, which causes it to be completely inaccessible to any institution not equipped with legal capacity. Consequently, most organisations will have to seek the assistance and services of other legally orientated service providers, to aid them in becoming compliant, which naturally means the incurring of additional expenses for their business.
As expected, the authority implementing the POPI Act and all that goes with it, the Information Regulator, is in itself not at all prepared for the administrative task ahead:
- Numerous guidance notes are still awaiting finalisation and publication.
- Only one code of conduct, for one specific industry, has been issued.
- The online registration portal for Information Officers is experiencing technical difficulties.
- During an online webinar with the Information Regulator on 25 May 2021, the Regulator could not answer various pressing questions from businesses, due to lack of knowledge on the new Act and how to implement it.
The ridiculousness of this entire scheme was highlighted when the Information Regulator stated, during said webinar and notwithstanding the above issues, that they “unequivocally confirm that the date for full compliance with the Act will NOT be extended.”
This new and daunting challenge for business operations comes against the backdrop of companies merely trying to keep afloat after the Covid-19 induced lockdown.
Now, with the new POPIA demands, Government will micro-manage the inner, most delicate operations of your business, ensuring a whole new type of administrative headache. The systematic and technically operational requirements are extremely burdensome to adhere to. Companies will have to account for the collecting, recording, organising, structuring, storing, modifying, consulting, using, publishing, combining, erasing, and destroying of every, single, source of personal information in their organisation.
Clearly, Government still deems it appropriate to issue copious amounts of legislation, regulations and requirements ensuring that business in South Africa ultimately becomes impossible to conduct, without ever acknowledging its own incapability of ensuring adherence to these impossible demands.
Rona Bekker is a Senior Policy Advisor at the National Employer’s Association of South Africa (NEASA).