POPIA: Information regulator issues guidelines for the development of codes of conduct

Source: Ahmore Burger-Smidt, director and head of Data Privacy Practice and member of Competition Law Practice; and Dimakatso Khumalo, candidate attorney, 23 February 2021, WERKMANS Attorneys/Agbiz e-newsletter 26 February 2021, photo credit: ISASA

  1. On 22 February 2021, the South African Information Regulator (“Regulator“) published Guidelines to develop Codes of Conduct (“Guidelines“) under the Protection of Personal Information Act No. 4 of 2013 (“POPIA“).
  2. It is probable that organisations which fall within the same industry will encounter similar or even identical data protection issues. Codes of Conduct provide such organisations with useful guidance on industry-standard approaches to these issues. By developing and implementing Codes of Conduct, organisations are in a better position to demonstrate to individuals that it takes their data protection rights seriously. This, in turn, may persuade those individuals to do business with that organisation rather than with its competitors.
  3. The South African economy is saturated by a plethora of industries/industry sectors, and professional and vocational bodies (“industry bodies“). All these industry bodies have distinct and unique ways of managing their business, profession or vocation to an extent that there is not a one size fits all compliance approach across all industries. As a consequence, industry specific dynamics ought to inform the way forward considering the impact of POPIA industry members. The conditions and implementation for the lawful processing of personal information under POPIA will undoubtedly be influenced by the distinct features that each of these industry bodies possess. The members of these industry bodies are expected to collect different personal information of their clients as well as employees in order to conduct their business.
  4. The Guidelines (once effected) envisage to direct and assist relevant bodies, including bodies or class of bodies of specified industries, professions, or vocations, to draft their own Codes of Conduct with the aim ofcompliance with the provisions of POPIA. The Guidelines establish a standard that the Regulator will apply when evaluating Codes of Conduct for approval and also afford to those industries, considering the implementation of a code of conduct, a practical guide to clearly address the aspects that the Regulator deems important.
  5. The Guidelines will assist relevant bodies to prepare and submit for approval Codes of Conduct to the Regulator. It aims to provide a step by step process guidance. It is clear from the guidelines that industry bodies should conduct consultation with their stakeholders and decide on their own procedures and processes to be followed in dealing with, not only complaints, but also with overall compliance with POPIA through more specific and tailored compliance mechanisms. Simply put, the Codes of Conduct serve as a Roadmap to Compliance.
  6. These industry bodies will therefore benefit tremendously from Codes of Conduct which are more specific and professional orientated, and which target the unique aspects of the profession they are regulating, while remaining compliant with the provisions of POPIA.
  7. The guidelines can be downloaded and reviewed in order to consider what impact they will have on you organisation.

The South African Pork Producers’ Organisation (SAPPO) coordinates industry interventions and collaboratively manages risks in the value chain to enable the sustainability and profitability of pork producers in South Africa.