
POPI compliance | Is your information officer ready?

19 Apr 2021

In the pandemic-hit era of Covid-19, more and more of us are switching on to the digital way of life. The Protection of Personal Information Act, No. 4 of 2013 (POPI Act) is now in operation, effective since 1 July 2020, following a lengthy process which started in 2013.

The core focus of the act is to ensure the sharing and use of personal information is done correctly and for the purposes intended, so as to protect the privacy and rights of those individuals who are sharing their information with companies and organisations. 

While the act is now a legal obligation, penalties for non-compliance are enforceable from July 2021. It is also important to note that these penalties do not apply retroactively. 

A key requirement of the POPI Act is the appointment of an Information Officer for your organisation. According to Bregmans Attorneys, the Protection of Personal Information Act, 2013 (“POPIA”) requires entities to have an active Information Officer, defining the appointment of the role according to Section 1 of POPIA as follows:
 
The “information officer” in relation to a private body as “the head of a private body as contemplated in section 1 of the Promotion of Access to Information Act” (PAIA) that, in turn, defines the “head”, concerning a private body and in the case of a juristic person, to be “the chief executive officer or equivalent officer of the juristic person or any person duly authorised by that officer”.
 
 
"It thus seems that the CEO of a juristic person can delegate that role."
 
"The Information Officer may delegate his or her powers and duties to one or more Deputy Information Officers to ensure compliance."
 
Add to this, "POPIA can impose personal liability on the Information Officer, and any delegated Information Officers and the Enforcement Committee can take appropriate action against them."

What are the responsibilities and liabilities of the Information Officer?

- Encouraging compliance for the lawful processing of personal information and the provisions of POPIA

- Dealing with requests made to the private body

- Working with the Information Regulator concerning investigations

- Developing and maintaining a compliance framework

- Conducting personal information impact assessments to ensure that adequate measures and standards exist to comply with the conditions for the lawful processing of personal information

- Developing, monitoring, maintaining and making available the manual as prescribed by PAIA

- Ensuring internal measures are developed together with adequate systems to process requests for information or access; and

- Conducting internal POPIA awareness sessions.


Bregmans further advise that once a private body has appointed an Information Officer, it needs to register the details of the Information Officer with the Information Regulator following the Information Regulator’s guidelines.

"Organisations should ensure that their PAIA manuals comply with section 51 of PAIA by including the postal and street address, phone and fax number, and, if available, electronic mail address of the head of the body or his delegated Information Officer."

Still not sure where to begin? Start your POPI Act compliance with this simple pop.law checklist:

Step 1: Audit

Do an audit of all of the existing information being processed by your business and why your business is collecting it. You also need to consider how it is being stored. 

"Review agreements you have with others, especially looking at what the third party’s responsibilities are regarding the information you share with them."

Step 2: Clean Up 

Remove any information that is no longer required by the business, including customers who are no longer using your services, but especially customers who have not consented to being on your database.

Step 3: Write up procedures  

Put in place “best practice” procedures for how you want to move forward and for how long you will keep your customers’ information.

Step 4: Communicate

Communicate your processes to your users. Draft the relevant documents that your customers will need for knowing what’s happening to their information. These should include: 

  • Consent forms
  • Privacy policies
  • Cookies notices
  • CCTV notices 

 

Step 5: Train your people 

Train everyone in your organisation to recognise when they are dealing with personal information, understand what their own responsibilities are within your business and to know who to contact if they have questions or concerns about your processes and procedures. 

"Even the most robust compliance plan will fail if the people on the ground are not equipped to implement it. Training and education can never be a once-off exercise, and the business should have some idea of how often and in what way constant training needs to take place," advises pop.law. 

Download the free pop.law PDF here.   
