The wheels of legislation in South Africa move slowly. While the Protection of Personal Information Act was signed into law in November 2013, significant milestones have been slow in coming.

Here’s a running timeline about the process so far (if I’ve left out a major milestone or have the legalize incorrect – please add into comments so I can update):

• November 2013 – Parts of the Act are signed into law enabling the appointment of the Regulator.
• April 2014 – Commencement of the enacted sections
• May 2015 – The relevant bodies approve the pay grade for members of the Regulator and a formal request is made to the National Assembly to commence with the appointment of members to the Regulator.
• July 2015 –  The public is asked to submit nominations for appointment to the Regulator.
• April 2016 – Shortlist of candidates is published.
• September 2016 – The National Assembly makes recommendations as to the appointments.
• October 2016 – Members of the Regulator are announced, with effect from 1 December 2016.  Adv. Pansy Tlakula is appointed as Chair with 2 full time and 2 part time members.
• February 2017 – Chairperson of the Information Regulator holds a media briefing in which she communications the following:
  • Anticipates a 6 month timeline to complete the regulations
  • Launched the Information Regulator’s website
  • Reiterated that the Regulator’s responsibilities are split equally between the Protection of Personal Information Act (POPIA) and the Protection of Access to Information Act (PAIA)
• September 2017 – The Regulator publishes draft regulations in terms of Section 112(2) General Provisions and invites public comment
• December 2018 – The Regulator tables the Regulations in Parliament early  December and publishes in the Government Gazette on 14 December 2018.
• December 2019 – The Regulator publishes draft guidelines relating to Chapter 7 Codes of Conduct and invites public comment
• February 2020 – The Regulator appeals to the president to bring the remaining sections of the POPI Act into effect before the end of Quarter 1.
• April 2020 – It remains to be seen whether this will be the start date of the grace period for compliance.

For further reading on the PoPi Act and the long walk to enforcement, try these articles:

• ITWeb: Regulator wants POPIA in force by Q2 2020
• Information Regulator: Official documents (and dates) 
• ITWeb: Exclusive Interview with Pansy Tlakula
• Michelsons: Information Regulator in South Africa
• Standard Bank BizConnect: The Popi Act explained
• Information Regulator: official website