Update on POPIA and the Information Regulator (South Africa)

Protection of Personal Information Act Regulations 2018

Did you now that the POPI Regulations 2018 were gazetted last December? They add weight to the requirements of the POPI Act. In this news item we want to focus in particular on the Responsibilities of information Officers which were covered in the POPI Regulations.

Responsibilities of information Officers

The POPI Regulations 2018 include a section on the responsibilities of the Information Office role. The Regulations provide a summarised description of the role. We recommend than an Information Officer appointment letter, which includes the designation and delegation of Deputy Information Officers, is established in order to formalise these roles. Key points relating to the responsibilities of the Information Officer contained in the Regulations are:

  • A compliance framework is developed, implemented, monitored and maintained
  • A personal information impact assessment is done to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information
  • A manual (a PAIA manual) is developed, monitored, maintained and made available as prescribed in sections 14 and 51 of the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000) (aka PAIA)
  • The Information Officer shall upon request by any person, provide copies of the manual to any person upon the payment of a fee to be determined by the Regulator from time to time
  • Internal measures are developed together with adequate systems to process requests for information or access thereto
  • Internal awareness sessions are conducted regarding the provisions of the Act, regulations made in terms of the Act, codes of conduct, or information obtained from the Regulator.
  • These requirements in the Regulations are intended to complement and not replace the provisions in the POPI Act concerning the Information Officer (see section 54 to 56).

Effective date

Please note that at the time of publication of the Regulations in the Government Gazette in December 2018 the effective date had not yet been announced.
For a full copy of the Government Gazette announcing these regulations and for further information please visit the Information Regulator South Africa web site at http://www.justice.gov.za/inforeg/

Correct as at February 2019

Please note this document is not legal advice but a practical interpretation to help Responsible Parties and their Information Officers and Data Subjects to make best use of the Regulations

For further information regarding this document

Please contact Dr Peter Tobin petert@iact-africa.com or John Cato johnc@iact-africa.com