
The Chief Executive Officer of a private body may appoint any natural or juristic person as the entity's information officer. The primary duty of an information officer is to inform and advise the responsible parties on compliance with the conditions for lawful processing of personal information and to assist data subjects make requests, lodge complaints and seek financial compensation.
When appointing an information officer consider the professional experience and expertise the information officer should have in safeguarding personal information, enabling data subject rights, complying with the conditions and available enforcement mechanisms. The required level of expertise is not defined in POPIA or PAIA, but it must be commensurate with the sensitivity the personal information and complexity of the organisation's processing operations.
Our information officers participated in the development of POPIA and have considerable practical data protection expertise. Read more ...