Protection of Personal Information Act, 2013 (Act No. 4 of 2013)RegulationsRegulations relating to the Protection of Personal Information, 20184. Responsibilities of Information Officers |
| (1) | An information officer must, in addition to the responsibilities referred to in section 55(1) of the Act, ensure that— |
| (a) | a compliance framework is developed, implemented, monitored and maintained |
| (b) | a personal information impact assessment is done to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information; |
| (c) | a manual is developed, monitored, maintained and made available as prescribed in sections 14 and 51 of the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000); |
| (d) | internal measures are developed together with adequate systems to process requests for information or access thereto; and |
| (e) | internal awareness sessions are conducted regarding the provisions of the Act, regulations made in terms of the Act, codes of conduct, or information obtained from the Regulator. |
| (2) | The information officer shall upon request by any person, provide copies of the manual to that person upon the payment of a fee to be determined by the Regulator from time to time. |