The organisation's Information Officer is responsible for:
Taking steps to ensure the organisation's reasonable compliance with the provisions of POPIA.
Keeping the governing body updated about the organisation's information protection responsibilities under POPIA. For instance, in the case of a security breach, the Information Officer must inform and advise the governing body of their obligations pursuant to POPIA.
Continually analysing privacy regulations and aligning them with the organisation's personal information processing procedures. This will include reviewing the organisation's information protection procedures and related policies.
Ensuring that POPI Audits are scheduled and conducted on a regular basis.
Ensuring that the organisation makes it convenient for third parties to update their personal information or submit POPI-related complaints to the organisation. For instance, maintaining a “contact us” facility on the organisation's website.
Approving any contracts entered into with operators, employees and other third parties which may have an impact on the personal information held by the organisation. This will include overseeing the amendment of the organisation's employment contracts and other service level agreements.
Encouraging compliance with the conditions required for the lawful processing of personal information.
Ensuring that employees and other persons acting on behalf of the organisation are fully aware of the risks associated with the processing of personal information and that they remain informed about the organisation's security controls.
Organising and overseeing the awareness training of employees and other individuals involved in the processing of personal information on behalf of the organisation.
Addressing employees' POPIA-related questions.
Addressing all POPIA-related requests and complaints made by the organisation's third parties.
Working with the Information Regulator in relation to any ongoing investigations. The Information Officers will therefore act as the contact point for the Information Regulator authority on issues relating to the processing of personal information and will consult with the Information Regulator where appropriate, with regard to any other matter.
The Deputy Information Officer will assist the Information Officer in performing his or her duties.