The POPI Act designates the head of the business as the Information Officer. The Information Officer can delegate his or her responsibilities to any other duly authorised person and can appoint as many Deputy Information Officers as necessary. However, it is important to note that the Information Officer remains ultimately responsible for ensuring that the processing of personal information is done in a lawful manner and “retains the accountability and responsibility for any power or the functions authorised to that person”.

The Act stipulates the following general responsibilities:

• To encourage compliance with POPI.
• Deal with requests made to the organisation in relation to POPI (for instance, requests from Data Subjects to update or view their personal information).
• Work with the Regulator in relation to investigations.
• Develop, implement and monitor a compliance framework.
• Ensure that a personal information risk assessment is done to ensure that adequate measures and standards exist.
• Develop and make available a PAIA manual,
• Ensure that internal awareness sessions are conducted,
• Ensure compliance with POPI as may be prescribed (i.e. keep an eye on the Regulator’s website).

The instructions on how to register an Information Officer are provided by the Regulator in a Guidance Note together with the registration forms. You can download the Guidance Note here:  Information Regulator SA Guidance Note.

To register click on this link and open the online registration form: https://www.justice.gov.za/inforeg/portal.html

Please note the portal is currently unavailable due to technical issues. As a result, the Regulator has withdrawn the deadline to register Information Officers.

Vishane Pramrajh | Employee Benefits Manager