Home
/
Our Insights
/
Blog Detail
/
Home
/
Home
|
Login
Our Team
Our Expertise
Our Insights
BOOK CONSULTATION
SUBSCRIBE
Our Team
Our Expertise
Our Insights
You can share this article in the following networks:
POPIA: What your business' Information Officer is expected to do
20 May 2021
1197
With the Protection of Personal Information Act, 2013 ("POPIA") deadline looming on 1 July 2021, many organisations are starting to feel the mounting pressure of becoming compliant with the provisions of POPIA.
A good starting point for any business embarking on its POPIA compliance journey is the identification and appointment of an Information Officer
for your organisation, not only from a practical perspective to engage this process, but this is also a
legal requirement under POPIA.
No matter the turnover, number of employees, or type of body (public or private), every organisation is required to identify, appoint and register an information officer in terms of POPIA.
In general, the role of the Information Officer is to ensure the responsible party’s compliance with both POPIA and the Promotion of Access to Information Act 2 of 2000 (“PAIA”).
Under PAIA, an Information Officer is expected to –
encourage and ensure compliance with PAIA;
create, maintain and update a PAIA manual for the body (that is if the organisation is required to have such a manual and does not fall under the current exemptions);
evaluate and approve requests for access to information received in terms of the grounds set out in PAIA, within applicable timelines.
Under POPIA, an Information Officer is expected to-
encourage compliance with the conditions for the lawful processing of personal information in terms of POPIA;
deal with requests made pursuant to POPIA (presumably by the Information Regulator or data subjects);
work with the Information Regulator in relation to investigations;
otherwise ensure compliance by the body/entity with the provisions of POPIA;
develop, implement and monitor a compliance framework for the POPIA compliance within such entity;
ensure that a personal information impact assessment is done to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information;
develop, monitor, maintain and make available a PAIA manual as prescribed in terms of POPIA and PAIA (subject to the aforementioned exemptions);
develop internal measures and adequate systems to process requests for access to information;
ensure that internal awareness sessions are conducted; and
any other responsibilities as may be prescribed from time to time (presumably by the Minister or the Information Regulator).
With the deadline for compliance looming,
we suggest that you contact an information and data protection attorney
as soon as possible to ensure that the information officer and his/her deputies are best positioned to implement your POPIA compliance framework and ensure that your business remains POPIA compliant thereafter.
Previous
Can you be dismissed for going to work with Covid-19?
Next
POPIA: Register your business' Information Officer online now
Share:
Subscribe to our Blogs
Talk to us
Get in touch with us to discuss how we can help you with your challenges
Get in touch
Popular Insights
An introduction to mergers and acquisitions in South Africa
When a spouse hides assets away in a trust…
Owners beware – you have limited time to claim for defects to your house
Related Insights
Title Deed Conditions: Municipal building clause containing reversionary right in favour of a municipality
The tax benefits to crypto currency losses
So what are crypto assets really?
Recent Insights
Hospitality & Events Coordinator
A litigant’s right to a fair trial and a lost trial record
Human Rights: Upholding the right to education
You can share this article in the following networks:
Subscribe to our blogs
and stay up to date with the latest developments
SUBSCRIBE NOW
Contact Us
+27 51 400 4000
law@phinc.co.za
Back to top