The Protection of Personal Information Act 4 of 2013 ("POPIA") and the implementation deadline is set for 1 July 2021.
POPIA requires every public or private body who processes personal information to designate and appoint an individual who will be responsible, within that business or institution, for ensuring compliance with POPIA and being responsible for the governance, management and security of personal information. These persons are known as information officers and must be registered with the Information Regulator. The process to register information officers will commence on 1 May 2021.
The Guidance Note published on 1 April 2021, also provides that an information officer may designate one or more deputy information officers, as may be necessary. For private bodies, the information officer is designated as the executive head of the responsible party. This person, usually the owner or Managing Director, may then delegate any power or duty imposed on him/her to a deputy information officer, who may assist with carrying out and being responsible for these compliance and data governance functions.
In terms of the Guidance Note, businesses must register their designated Information Officer by either completing the online registration process on the Information Regulators' online portal (which is expected to be accessible from the end of April 2021) or by manually completing the registration form as attached to the Guidance Notes and submitting this via electronic mail or by delivery to the Information Regulators offices.
Contact us for all your POPIA compliance needs!
Originally published 1 May 2021.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.