A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on processing personal data such as its purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.
Under South Africa’s Protection of Personal Information Act, 2013 (POPIA), public and private companies should designate an Information Officer who is responsible for:
Employers should also make provisions for the designation of deputy information officers, if necessary, to perform the information officer duties and responsibilities. In addition, under the POPIA Regulations, Information Officers must:
Information Officers must be registered with the South African Regulator before taking up any official data protection responsibilities. Note that the draft Guidelines for the Registration of Information Officers have not yet been finalized.