ENS
  September 27, 2017 - South Africa

Appointment and duties of an information officer in terms of South Africa’s POPI draft regulations
  by Rahkee Bhikha

he office of the South African Information Regulator recently published its first draft regulations in terms of the Protection of Personal Information Act, 2013 (“POPI”), entitled “Regulations relating to the Protection of Personal Information, 2017”. The draft regulations are open for public comment until 7 November 2017.

The draft regulations address various procedural aspects of POPI, which include the manner in which data subjects may object to the processing of their personal information and the manner in which to request a data subject’s consent to the processing of personal information for direct marketing purposes. The draft regulations refer to, and have attached to them, various forms that prescribe how these requests may be obtained.

Regulation 4 of the draft regulations expands on the duties and responsibilities of information officers. Information officers are defined in terms of the Promotion of Access to Information Act, 2000 (“PAIA”) to mean the “head” of the private body, which is, in the case of:

Information officers must be registered with the Information Regulator. This function may be delegated to other members of the organisation and deputy officers may be appointed to assist with duties. An information officer’s duties, as set out in section 55 of POPI, include:

Regulation 4 of the draft regulations expands on these duties to include that information officers must ensure that:


Based on these developments, it is clear that the role of every organisation’s information officer is not one to be taken lightly. An information officer’s duties are wide and their role is one that every organisation needs to review.

ENSafrica’s privacy law experts have developed innovative, world-class solutions to assist organisations and information officers to meet the stringent requirements imposed by POPI and PAIA. The firm also offers in-depth training to information officers and prospective information officers on all aspects of legislation, including the practical implementation of POPI. 

Organisations may also consider appointing ENSafrica’s data privacy experts as their information officer, to ensure that all legislative requirements are met. 

For more information on the requirements imposed by POPI and PAIA, information officer training or the appointment of ENSafrica as your organisation’s information officer, please contact us.