When the Protection of Personal Information Act (PoPIA) came into effect last year, organisations had a year’s grace to become compliant. With that grace period set to end on 30 June 2021, the public sector finds itself with a looming deadline it will find hard to meet, says Gomedi Makhongoana, Public Sector Director, Oracle South Africa.

“The public sector holds large volumes of data, much of it extremely sensitive, but lacks many of the resources needed to protect that data in line with PoPIA’s requirements,” he says. “The impact of Covid-19 on the state’s readiness for PoPIA also cannot be underestimated— personnel have been diverted to the immediate task of getting more business processes online and enabling people to work from home. Budgets have also been adjusted substantially to accommodate Covid relief spending.