POPI Act Information Officer Services

POPI Act Information Officer Services

We offer POPI Act Information Officer services in order to assist organisations to establish and maintain this key role required by both the Protection of Personal Information Act (POPI Act / POPIA) as well as the Promotion of Access to Information Act (PAIA).

The POPI Act / POPIA has contained a requirement for the appointment of an Information Officer since it was signed into law in 2013 within the context of assigning Accountability (Condition 1 in the Act) for implementing and maintaining compliance measures.

The Information Officer in any organisation is the Designated Head e.g. the CEO in a commercial organisation or the Director General in a government organisation. The accountability for the Information Officer role cannot be delegated but a Deputy Information Officer (or Officers) can be appointed to carry out the tasks of the Information Officer.

On 14 December 2018, the final POPI Act Regulations were published in the Government Gazette.  Please visit our POPI Act Regulations Summary page for more information.  A key section in the regulations covers the responsibilities for role of the Information Officer.  These duties are:

  • A compliance framework is developed, implemented, monitored and maintained
  • A personal information impact assessment is done to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information
  • A manual (a PAIA manual) is developed, monitored, maintained and made available as prescribed in sections 14 and 51 of the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000) (aka PAIA)
  • The Information Officer shall upon request by any person, provide copies of the manual to any person upon the payment of a fee to be determined by the Regulator from time to time
  • Internal measures are developed together with adequate systems to process requests for information or access thereto
  • Internal awareness sessions are conducted regarding the provisions of the Act, regulations made in terms of the Act, codes of conduct, or information obtained from the

IACT-Africa has the experience, resources and credentials to offer services which help establish and support the Information Officer role and associated requirements or we can fulfil the role of a Deputy Information Officer as a service.

POPI Act Information Officer Services Sample Activities

The POPI Information Officer services are based on the following sample activities and will be tailored to your requirements:

  • A POPI Act Compliance Health Check (an assessment and report);
  • Personal information risk and impact assessments;
  • Provision of a POPI Act Compliance framework (assessment tools, pre-written templates for policies, contracts, notices etc.);
  • Identification of key personal information collection and processing points;
  • Identification of key personal information stores (where it is stored and processed);
  • Assessment of Service Provider agreements;
  • POPI Act / Personal information staff awareness training;
  • Monthly status report;
  • Email and telephone support;
  • Completion of ongoing POPIA/POPI Act compliance assessments.

Our POPI Information Officer services are able to address the needs of small, medium and large organisations. They are based on a minimum term of 6 months after which you may cancel with 30 days notice.

Why select IACT-Africa for POPI Act Information Officer services?

IACT-Africa has specific strengths to offer in the role of the supplier of Information Officer services:

  • Knowledge: an in-depth understanding of the Corporate Governance context for POPIA/POPI Act and GDPR compliance, specifically from a business operations and IT implementation perspective;
  • Certification: We have a Certified Data Protection Officer (GDPR ), a member of the International Association of Privacy Professionals (IAPP) and a Certified GDPR / Privacy Trainer in our team;
  • Solutions: a set of solutions for assisting organisations to achieve the required level  of POPIA and GDPR compliance have been developed and proven which enable us to assist you with your POPI program in an efficient and cost effective manner;
  • Skills: extensive capabilities in conceptualising, planning, implementing, monitoring and evaluating Governance and Management projects, including knowledge of the Information Officer role as required by POPIA and PAIA;
  • Experience: many years of relevant experience in helping customers assess their business needs and implement any required changes to address those needs; specific experience of supporting other residential estates with their POPIA projects;
  • Value: a professional, dedicated approach to delivering high value at low risk to our clients.

Please contact us for more information about our POPI Act Information Officer Services or to discuss your specific POPI Act related needs.