The Role of the Information Officer


No matter the size or type of your organisation, the Protection of Personal Information Act (POPIA / Act) requires that you appoint an information officer.

The information officer is a vital role in your organisation since the person is tasked with heading up the organisation’s POPIA compliance project, ensuring that any business procedures and operations involving the handling of personal information, complies with POPIA’s conditions for lawful processing.


No matter the size or type of your organisation, the Protection of Personal Information Act (POPIA / Act) requires that you appoint an information officer. In fact the Act provides for the role to be filled automatically in the event that an appointment is not made. The default position is that in the case of a private body your information officer is your CEO and in the case of a public body it is the head of the public body. This person is required to be registered with the Information Regulator before formally taking up their duties and responsibilities as required in Act. .

Skills session topic:

The Role of the Information Officer

Cost of session:

R2 300 per attendee (VAT excluded)

Learning Outcomes:

This session will provide insight into the role of the information officer, what is expected from such person once appointed and registered, and guidance and practical scenarios to assist the information officer in the performance of his or her tasks and mandate. The learning outcomes include:

  • Designation of an information officer:
    • Who is the information officer
    • Appointment and registration of the role
    • Information officer of an operator
    • Designation of a single information officer for several organisations
    • Can you appoint an external person to be the information officer
    • Where must the information officer be located
    • Accessibility and localisation of the information officer
    • Expertise and skills of the information officer
    • Publication and communication of the information officer’s contact details
  • Position of the information officer:
    • What are the duties and responsivities of the information officer in terms of POPIA and PAIA
    • The involvement of the information officer in relation to all issues surrounding the processing of personal information
    • Necessary resources for the information to perform
    • Instructions and performing their duties in an independent manner
    • Dismissal, penalties and personal liability for non-performance and/or non-compliance
    • Conflict of interests
    • The role of deputy information officers and effect of delegation
  • Tasks of the information officer:
    • Monitoring compliance with POPIA
    • The role of the information officer in the performance of a data privacy impact assessment
    • Cooperating with information regulator and other supervisory authorities and being a point of contact
    • Risk-based approach to performance
    • Role of the information officer in record keeping
  • Practical scenarios
Why attend the session?

The information officer needs to fully understand their duties and responsibilities in order to perform their mandate. Apart from knowing what your responsibilities and duties are, it is also important to have an awareness of how to go about convincing the decision-makers of the organisation and staff that they need to comply with POPIA when performing their own duties and responsibilities. This is not always an easy thing to do and therefore, building a skill-set to understand how to go about developing and leading the implementation of a data protection compliance framework while also leveraging your deputy information officers to assist you, is at the core of the organisation’s succeeding in its POPIA compliance.

Who should attend the session?

If you have been appointed as the information officer for your organisation, congratulations and we suggest that you attend this knowledge workshop to help you put your best foot forward and plan the implementation of your duties and responsibilities.

Even if the suitable candidate has yet to be identified, the short list for the role in the organisation, which will probably be persons in managerial or leadership positions, shall benefit from this knowledge session.

Duration and location:
  • The session can either be held at our offices (Brooklyn, Pretoria) (we have capacity for a maximum of 1 – 10 persons) or online via video conferencing. The organisation to provide its preferred method of presentation.
  • The duration of the session is 2 hours, with a brief tea interval and allocated time for Q&As.

Once we have received the intended number of persons who will attend the session, together with each of their names, surnames and email addresses we shall provide 3 available dates for the session to be held.


Upon confirmation of session booking, our invoice shall be dispatched for payment to be made prior to the date of session.

Training session material:

We will provide all material in connection with the session to be presented.


The training is offered in English.

*Please take note that VDT’s training POPIA knowledge sessions are not accredited and/or affiliated with any higher education or skills development authority or institution. The skills development sessions are planned and presented internally and aim to provide applicable information regarding a particular topic presented and equip attendees with valuable skills which may assist them in further decision making.