The 24th of March 2021 marked the start of the 100 days countdown to becoming compliant with the provisions of the Protection of Personal Information Act, Act 04 of 2013 (herein the ”Act”). The Information Regulator (herein the ”IR”), established in terms of the Act, is empowered to monitor and enforce compliance by public and private entities with the Act.
As per our previous articles regarding compliance with the Act, you will recall that the provisions of the Act will find application to all businesses, persons, and organisations that ”processes” any ”personal information”. ”Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.
In the event where your organisation processes any personal information, your organisation will be considered a ‘Responsible Party’ and must comply with the provisions of the Act. Each responsible party will, among other things, be required in terms of the Act to appoint an information officer.
The duties and responsibilities of the information officer include:
According to the IR’s website, the IR is currently processing public comments in respect of the draft guidelines for the registration of information officers. It is anticipated that the guidelines for registration of information officers (now called the ‘Guidance Note on Information Officers and Deputy Information Officers’), to be published on or before the end of April 2021 and registration will commence on the 01st of May 2021. For further information, the IR’s webpage is active and can be accessed at: https://www.justice.gov.za/inforeg/index.html
This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)