Information Officers are required under South Africa’s Protection of Personal Information Act of 2013 (“POPIA”) and Promotion of Access to Information Act of 2000, whilst Data Protection Officers are required under the European Union’s General Data Protection Regulations (“GDPR”).
Are Information Officers and Data Protection Officers the same thing?
No, they are not but they serve very similar functions - helping the organisation process data lawfully. They are differentiated by the laws they aim to help a company comply with – to summarise, the differences may be summarised as follows:
Under the POPIA (s55) and PAIA s1 & s17 (Deputies), Information Officers:
are automatic & compulsory – the CEO is the Information Officer, by default;
cannot be outsourced;
must be registered with the Information Regulator;
are mandated to utilise Deputy-Information Officers where necessary; and
are not required to have specific expertise in Data-Privacy Law under the POPIA.
Duties of Information Officers under the POPIA include:
encouragement of compliance with POPIA and its conditions for lawful processing;
dealing with requests made pursuant to POPIA; and