On 31 August 2022, South Africa’s Information Regulator announced that its online portal for the registration of Information Officers (the Portal) is now operational. The Portal has been under construction since the remaining provisions of the Protection of Personal Information Act, 2013 (POPIA) came into effect on 1 July 2021.

Previously, responsible parties were advised to manually register their Information Officers while the Portal was being developed. The manual process does not appear to have been removed entirely, and Information Officers may still register themselves by completing and submitting a registration form to the Information Regulator via a dedicated email address.

The Portal also includes functionality for public bodies to submit their annual reports in terms of section 32 of the Promotion of Access to Information Act, 2000 (PAIA).

A snapshot of the Portal

In order to register an Information Officer or submit a section 32 PAIA report, users must first sign-up and create a profile on the Portal. The Information Regulator has provided two manuals for users to follow when creating profiles, registering an Information Officer and submitting section 32 PAIA reports via the Portal.

Users are able to register themselves as Information Officers of a responsible party or identify themselves as an agent or proxy duly authorised to register another person as an Information Officer. To complete the registration form, personal information pertaining to the Information Officer, any appointed Deputy Information Officer(s), details about the responsible party and information for statistical purposes must submitted.

Ensuring compliance with POPIA

Responsible parties must be aware that section 55(2) of POPIA requires all Information Officers to be registered with the Information Regulator before taking up their duties under POPIA.

There has been a recent uptick in regulatory action by the Information Regulator in response to potential non-compliance with POPIA. Responsible parties and Information Officers should be alive to the obligations set out under POPIA and ensure they are compliant with POPIA and PAIA when processing personal information.

Clyde & Co’s Cyber and Corporate and Regulatory teams frequently support organisations in managing their cyber, data privacy and regulatory risk. Should you require any support in navigating these risks and compliance with POPIA, please reach out to our team.