PoPIA Regulations – Responsibilities of the information officer

POPIA regulations
15 Jan 2019

The Protection of Personal Information Act, No. 4 of 2013 (“PoPIA”) seeks to govern the processing of personal information, and in so doing, imposes a variety of obligations which will need to be complied with.

Although the commencement date has not yet been announced, on the 14th of December 2018 the Information Regulator published regulations to the Act (the “Regulations”), suggesting that PoPIA’s commencement may be forthcoming.

The Regulations

The Regulations deal with a number of procedural aspects, and of particular note and importance are the responsibilities imposed upon the information officer.

In relation to a private company, the information officer will be the CEO, or a person duly authorised by the CEO for that purpose.

The Regulations require that, in addition to any other responsibilities, an information officer must:

  • develop, implement, monitor and maintain a compliance framework;
  • perform a personal information impact assessment;
  • develop, monitor and maintain a manual as prescribed in sections 14 and 51 of PAIA (which must be made available to any person upon request);
  • develop internal procedures which adequately process requests for information; and
  • conduct internal awareness sessions.

Compliance with the Regulations

Should an entity not comply with the provisions prescribed by PoPIA it may be found guilty of an offence which (aside from reputational harm) may be punishable by imprisonment or a fine. Fortunately, upon the commencement of PoPIA there is a grace period of one year to allow all affected parties to align their internal processes accordingly.

Notwithstanding the grace period, given the wide-ranging implications of PoPIA it may be prudent to begin making the necessary preparations to ensure compliance can be achieved within the time-period.

( Credit: Connor Alexander- Candidate Attorney)

See also:

(This article is provided for informational purposes only and not for the purpose of providing legal advice. For more information on the topic, please contact the author/s or the relevant provider.)
Lauren Kelso

Lauren is a Partner in the Eversheds-Sutherland (KZN) corporate practice, advising primarily on commercial transactions. Lauren has participated in a number of high value mergers and acquisitions, and deals in... Read more about Lauren Kelso


Consumer Protection articles by

Consumer Protection articles on GoLegal