Business

Data Protection Act grace period extended

Online: The new law provides protections for the use of personal and private data PIC PHATSIMO KAPENG
 
Online: The new law provides protections for the use of personal and private data PIC PHATSIMO KAPENG

While the law came into effect in October 2021, individuals and entities handling personal data were given until a year's grace period to comply with the requirements to ensure the protection of this data.

The grace period was extended to September 2023 and via a recent government gazette, has been further extended to September 2024 by the Ministry of State President. In a previous legal brief on the Act, experts at Peo Legal said the legislation clearly defines what constitutes personal data, which definition includes not only information by which persons can be identified but even that which makes them potentially identifiable whether directly or indirectly.

The Act also establishes the Information and Data Protection Commission, which will be responsible for ensuring the effective application of and compliance with the Act after its commencement. All complaints and investigations about the Act will be dealt with by the commission and in the event any parties to proceedings before the commission are dissatisfied with the decision of the commission, these can be appealed to the Information and Data Protection Appeals Tribunal.

The legislation also prescribes hefty penalties in the form of monetary fines and imprisonment for violations of its provisions.