The coming into effect of the personal privacy requirements under the Data Protection Act has been further extended to September 2024, giving entities that hold individuals' data another year to transition to the tighter new legal provisions.
While the law came into effect in October 2021, individuals and entities handling personal data were given until a year's grace period to comply with the requirements to ensure the protection of this data.
The grace period was extended to September 2023 and via a recent government gazette, has been further extended to September 2024 by the Ministry of State President. In a previous legal brief on the Act, experts at Peo Legal said the legislation clearly defines what constitutes personal data, which definition includes not only information by which persons can be identified but even that which makes them potentially identifiable whether directly or indirectly.
The Act also establishes the Information and Data Protection Commission, which will be responsible for ensuring the effective application of and compliance with the Act after its commencement. All complaints and investigations about the Act will be dealt with by the commission and in the event any parties to proceedings before the commission are dissatisfied with the decision of the commission, these can be appealed to the Information and Data Protection Appeals Tribunal.
The legislation also prescribes hefty penalties in the form of monetary fines and imprisonment for violations of its provisions.