POPI Regulations and

the duties of the Information Officer

 The time has arrived !!

 

By Johanette Rheeder

 

The information Regulator, Adv Pansy Tlakula was appointed on 1 December 2016 in terms of the Protection of Information Act (POPI) 4 of 2013 and is amongst others, empowered by POPI to monitor and enforce compliance by public and private bodies with the Act.

The Information Regulator is an independent body established by section 39 of the Act and is subject to only the law and the Constitution. One of her first tasks as set out in by the National Assembly is to make regulations, the arrival of which the whole of South Africa has been waiting for with “baited” POPI anticipation.

The Information Regulator has now, under section 112(2) of POPI, made the draft regulations relating to the Protection of Personal Information, as published under GG 41105, GoN 709, dated 08 Sep 2017. The deadline for submissions is 7 November 2017 and can be sent to  inforeg@justice.gov.za.

The draft regulations deal with inter alia the duties and responsibilities of the Information officer (IO) of the responsible party. In terms hereof, subject to the provisions of section 55 of the Act, an information officer must ensure that certain actions take place.

This appointed person, must ensure that a preliminary assessment (gap analysis) is conducted and a compliance framework is developed, implemented and monitored. Therefore, the Information officer is the dedicated person in a business responsible for the gap analysis and the implementation of remedial action to ensure compliance and the implementation and monitoring thereof on a continuous basis.

Once the compliance framework is in place, the IO must ensure that continuous and adequate measures and standards exist and stay in place in order to comply with the 8 conditions for the lawful processing of personal information.

The IO is also responsible for developing a manual for the purpose of the Promotion of Access to Information Act and POPI, providing certain detail such as the purpose of the processing, a description of the categories of data subjects and of the information or categories of information collected relating thereto, the recipients or categories of recipients to whom the personal information may be supplied, the planned trans-border or cross border flows of personal information, if any.

The manual must also contain a general description of security measures, allowing a preliminary assessment of the suitability of the information security measures to be implemented and monitored by the responsible party;

The manual must be made available on the website of the responsible party and at the office or offices of the responsible party for public inspection during normal business hours of that responsible party.

The IO must ensure that internal measures are developed together with adequate systems to process requests for information or access thereto.

Awareness sessions must be conducted regarding the provisions of the Act, regulations made in terms of the Act, codes of conduct, or information obtained from the Regulator.

The IO, or a person designated by him or her, can upon request of any person provide copies of the manual, to that person upon payment of not more than R 3.50 per page.

From the above draft regulations it is clear that companies need to start preparing for implementation and that the first steps are to appoint the IO, do awareness training and a detailed gap analysis to get compliance ready!

You can download this newsletter as a PDF document, or send the link to a friend.
Download as PDF

Document of the Month

Disciplinary Hearing - Sanction

FREE Download

Upcoming Events


Course 2 - Chairing and initiating Disciplinary Hearings

Date: 23/11/2017 08:30:00 AM
Event Type: Public Workshop
Venue: LabourSmart Office


Course 6 - Managing day to day HR

Date: 28/11/2017 08:30:00 AM
Event Type: Public Workshop
Venue: LabourSmart Office


Sanctions - When to Dismiss or Give Warnings

Date: 28/11/2017 12:00:00 PM
Event Type: Webinar
Venue: Not Applicable


Course 7 - A guide to Retrenchments and Transfer of Business

Date: 01/12/2017 08:30:00 AM
Event Type: Public Workshop
Venue: LabourSmart Office


Abuse of Sick Leave

Date: 05/12/2017 12:00:00 PM
Event Type: Webinar
Venue: Not Applicable


Course 2 - Chairing and initiating Disciplinary Hearings

Date: 07/12/2017 08:30:00 AM
Event Type: Public Workshop
Venue: Southern Sun O.R. Tambo


Course 12 - Recruitment and Selection - POPI Act

Date: 02/02/2018 08:30:00 AM
Event Type: Public Workshop
Venue: To be announced


Course 8 - Conducting conciliations and arbitrations in the CCMA

Date: 07/02/2018 08:30:00 AM
Event Type: Public Workshop
Venue: To be announced


Course 5 - Work place discipline and dismissal

Date: 15/02/2018 08:30:00 AM
Event Type: Public Workshop
Venue: To be announced


Course 3 - Investigating and charging in Disciplinary Hearings

Date: 21/02/2018 08:30:00 AM
Event Type: Public Workshop
Venue: To be announced


Course 6 - Managing day to day HR

Date: 06/03/2018 08:30:00 AM
Event Type: Public Workshop
Venue: To be announced


Course 2 - Chairing and initiating Disciplinary Hearings

Date: 08/03/2018 08:30:00 AM
Event Type: Public Workshop
Venue: To be announced


Course 10 - Basic Labour Relations - Overview of the LRA and BCEA

Date: 14/03/2018 08:30:00 AM
Event Type: Public Workshop
Venue: To be announced


Course 15 - Protection Of Personal Information Act

Date: 16/03/2018 08:30:00 AM
Event Type: Public Workshop
Venue: To be announced


Course 12 - Recruitment and Selection - POPI Act

Date: 05/04/2018 08:30:00 AM
Event Type: Public Workshop
Venue: To be announced


Course 8 - Conducting Conciliations & Arbitrations in the CCMA

Date: 11/04/2018 08:30:00 AM
Event Type: Public Workshop
Venue: To be announced


See more...
Title Description Published By
August 2017
August 2017 Alex Davies View
July 2017
Temporary Employment Services - NUMSA vs Asign Services Alex Davies View
June 2017
Probation and probation related dismissals in the CCMA Johanette Rheeder View
May 2017
Job descriptions and extra duties required of an emplyee Johanette Rheeder View
March 2017
The extention of collective agreements in the workplace Alex Davies View
January 2017
The application of the prescription act to disputes under the labour relations act Alex Davies View
November 2016
Who can represent parties at CCMA proceedings? Yozan Botha View
September 2016
“Solidarity for Ever” Collective bargaining – rights and duties Johanette Rheeder View
July 2016
POPI Implementation on the horizon Johanette Rheeder View
May 2016
Applying the rule test in disciplinary hearing Johanette Rheeder View
April 2016
Does the managerial prerogative still apply during the recruitment process? Johanette Rheeder View
March 2016
The Stigmatising Effect of Medical Testing on Mental Illness Kellie Hennessy View
February 2016
Office Romance - A Lesson in managing personal relationships at work Kellie Hennessy View
January 2016
Rights for Males to Maternity Leave Benefits Kellie Hennessy View
December 2015
Interdicting Disciplinary Hearings Johanette Rheeder View
November 2015
The Right to Natural Justice in Disciplinary Hearings Xander Wehncke View
October 2015
The Protection of Personal Information Act No 4 of 2013 (“POPI”): Rethink the ‘architechture’ of your business Kellie Hennessy View
September 2015
Load Shedding in the Workplace: Negotiate Back the Power Kellie Hennessy View
July 2015
Retrenchment - Do We Recognise The Effect? Johanette Rheeder View
June 2015
The new CCMA rules - The ultimate relief? Johanette Rheeder View
May 2015
Medical Incapacity, Disability and Discrimination Kellie Hennessy View
April 2015
Breach of the trust relationship in employment: What to prove and how to prove it Xander Wehncke View
March 2015
The exposure of senior employees in terms of Labour Relations Amendment Act 2012 Johanette Rheeder View
February 2015
The Correct Approach to a Reviewable ‘Error in Law' Kellie Hennessy View
January 2015
E-Cigarettes and the Workplace Kellie Hennessy View