The search for your Information Officer begins now

02 Jul 2019

The Regulations relating to the Protection of Personal Information 2018 (the Regulations) were published by the Information Regulator on 14 December 2018. Although the POPI Regulations are final, they will only take effect concurrently with the commencement date of the Protection of Personal Information Act 4 of 2013 (POPI).

The Information Officer for private bodies is defined in POPI by using the definition provided for in section 1, of the Promotion of Access to Information Act 2 of 2000. Regulation 4 offers further insight into what the Information Regulator requires from businesses when appointing an Information Officer by setting out their minimum duties and responsibilities in addition to those set out in section 55 of POPI and include inter alia:

  • Appointing, in writing a person employed by the body to act as the Information Officer, and a Deputy Information Officer to assist the Information Officer in performing its obligations;
  • Ensuring a compliance framework is developed, implemented, monitored and maintained;
  • Performing a personal information impact assessment to ensure the business has adequate measures and standards in place to comply with the eight conditions for processing personal information; and
  • Developing, monitoring, maintaining and making available a manual that sets out (i) the purpose of processing the personal information, (ii) the categories of data subjects and personal information relation thereto, (iii) the details of third parties receiving the personal information, (iv) whether any personal information will be transferred outside the Republic and if so, the manner in which the business will transfer the personal information, (v) security measures in place to ensure information quality and safety, (vi) procedure for parties to access the personal information held by the business, (vii) training sessions to be conducted to ensure internal awareness on POPI.

While POPI and its Regulations are not yet in force, the hunt for the right Information Officer should commence as soon as possible in order to allow for adequate time to search, appoint, train and prepare for the inevitable implementation and enforcement of POPI.

See also:

(This article is provided for informational purposes only and not for the purpose of providing legal advice. For more information on the topic, please contact the author/s or the relevant provider.)
Anola Naidoo

Anola Naidoo is an attorney at KISCH IP's commercial department. Anola specialises in the drafting of commercial agreements, consumer law compliance, company registrations, business enterprise management, commercial law and litigation. Read more about Anola Naidoo


Commercial & Corporate Law articles by

Commercial & Corporate Law articles on GoLegal