Responsible parties should register their information officer online (encouraged) as soon as possible. Failing to register your information officer is not a criminal offence, but there can be severe consequences. If you struggle to register on the portal, we can help. You can also read more about the Information officer role for POPI and PAIA.

Register on the information regulator portal online

The regulator has created an electronic platform, the Information Officer eServices Portal on their website to enable you to do this. You need to create a profile and log into your profile to use the portal. You can register yourself if you are an Information Officer or an Admin Officer like an attorney or another person doing administration in an organisation can register an IO on the portal. A few tips:

  1. If you struggle with technical problems with the portal, wait and try again in a few days.
  2. The first section is for the default information officer (or authorised officer) that the law automatically makes the information officer. For example, the CEO. This is the person who is accountable. Note the handy “Copy Organisation Address” button, which will save you time. Give the organisation’s address rather than the residential address of the officer.
  3. The second section is for the deputy or designated information officer.
  4. The portal allows you to register one person for multiple entities. One person can be the officer for more than one entity.
  5. The portal won’t allow you to appoint someone outside of South Africa. You will either need to appoint an employee based in South Africa as deputy or designated information officer, or appoint a POPIA representative.

You can also do it manually offline in paper form (not recommended)

You can do this offline by completing and emailing the Information Officer’s Registration Form to the regulator. You will find the form as Annexure A to the regulator’s guidance note on information officers and deputy information officers. This caters for those organisations who do not have access to the Internet. If you have trouble accessing the portal you can complete an eform to register the information officer and submit it by email to the regulator.

The regulator encourages people to submit their applications online.

The regulator should really have provided two application forms. One for public bodies and one for private bodies. One form creates confusion. If you are a private body trying to complete the form, here is some guidance.

  1. Part A is for the default information officer that the law automatically makes the information officer. For example, the CEO. This is the person who is accountable.
  2. Part B is for the designated information officer. For public bodies, this is called the deputy information officer but for private bodies, we prefer to call them the designated IO.
  3. Part C is for the responsible party details. For example, the company details.
  4. The default information officer should sign it.

You have to register both the default and the designated (deputy) officer with the regulator, and put both of their details in your PAIA Manual.

Who should sign the application form?

In our view, the default information officer (not the designated or delegated one) should sign the form. The default officer is accountable to the regulator and are the one that the law specifies as being the information officer by default.

What if we have already registered using an old form or portal?

You should re-register on the eServices portal.

What happens if you deregister on the portal?

If you deregister from the portal, you will remove your company registration from the regulator’s database. The removal isn’t immediate and subject to the approval of the regulator. You should use the deregistration option if you have registered yourself as an information officer on the portal but later either resign or appoint someone else as an information officer.

If you registered multiple people in an organisation it is not advised that you deregister from the portal because you will remove all the following information you have created on the portal:

  • your user profile, and personal details including your login details;
  • any company registration certificates whether they are current or historical;
  • your company profile;
  • the information officer and deputy information officer details you registered;
  • any company registrations that you drafted but haven’t submitted yet;
  • any PAIA reports you submitted; and
  • any other data and information that you added to the portal that relates to your organisation.