With the commencement of the Protection of Personal Information Act (POPI) on the 1st of July 2020, the Information Regulator has developed draft guidelines on the registration of Information Officers.
Registration of the Information Officer(s) with the Regulator is compulsory for all private and public bodies within the republic of South Africa, it is further a prerequisite for the Information Officer, to take up their duties in terms of POPI.
First things first: What is the role of the Information Officer?
The Information Officer’s responsibilities include:
- The encouragement of compliance, by the body, with the conditions for the lawful processing of personal information;
- Dealing with requests made to the business pursuant to the Act;
- Working with the Information Regulator in relation to investigations; and
- Ensuring compliance by the business with the provisions of the Act.
These duties only commence after the responsible party has registered them with the Regulator.
The business must further make provision for:
- The appointment of such number of persons, if any, as Deputy Information Officers as is necessary to perform the duties and responsibilities of the Information Officer; and
- Any power or duty imposed on the Information Officer by this Act, to be bestowed a Deputy Information Officer(s) of the business.
Who should register as the Information Officer?
Juristic persons: Chief Executive Officer, the managing director, an equivalent officer of the juristic person or a duly authorised person by the business.
Partnership: Any partner of the partnership or any person duly authorised by the partnership.
Natural Person: Sole proprietor who carries on any trade, business or profession, but only in such capacity and not in his personal capacity.
Who is the responsible party?
This is a public/private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.
How does one register the Information Officer?
As per the current draft guidelines, the Information Officer of a body must complete and submit the registration form to the Regulator on or before 31 March 2021. (The form can be found on https://www.justice.gov.za/inforeg/)
It should be noted, that a business should update the particulars of an Information Officer and Deputy Information Officer(s) on an annual basis or as and when it becomes necessary.
About the Author
Melindi Dean is a SEESA Consumer Protection & POPI legal advisor in Pretoria and she started her career at SEESA in 2018. She graduated from the University of South Africa with her LLB degree.
SOURCES
https://www.justice.gov.za/inforeg/docs/InfoRegSA-Guidelines-InfoOfficers-Invite-20200717.pdf [Accessed 22 July 2020].