Reading Time: 2 minutes

You Need a Code of Conduct

The Protection of Personal Information Act (PoPIA) is finally coming into full effect after many years. With only 4 months to be compliant, many people are still confused about what is required of their business or their industry.

As of the 1st of March 2021, PoPIA regulations in regard to having a code of conduct for your industry or professional body (and having it approved) have come into effect.

The Information Regulator puts it this way when defining relevant bodies and stakeholders who might issue such codes of conduct:

“Relevant body/bodies” refers to any specified body or class of bodies, or any specified industry, profession, or vocation or class of industries, professions, or vocations that in the opinion of the Regulator has sufficient representation;

“Relevant stakeholders” mean stakeholders, affected stakeholders or a body representing such stakeholders; and

“Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing of personal information.

It is good to note that the code of conduct is to be submitted to the Information Regulator for approval. They can be sent to:


How To Make A Code Of Conduct

Part of the required code of conduct in terms of Section 63 has to relate to the handling of complaints (under the code itself).

The Information Regulator has issued a guide on making and dealing with complaints in a code of conduct which you can download here:


Helpful Checklist

You can also download the Information Regulators helpful checklist on what the code should include here:



Debt Counsellors

It remains to be seen which body or bodies decide to submit a code of conduct in regard to PoPIA in regard to Debt Counselling. There are currently 2 larger Debt Counsellor bodies and possibly 3 smaller ones representing a number of practices.

Information Officers

The Act requires organisations to appoint an Information Officer who will be the person responsible for ensuring the organisation complies with the Act.

‘The Act requires organisations to appoint an Information Officer’

These officers also need to be registered with the Information Regulator. This comes into effect as of 1 May 2021. Recently however it seems (from a guideline about them) that registration needs to be made by 31st March 2021.