Will anybody be exempt from having an information officer?

Not at the moment. But we think that some bodies should be exempt from having to register their information officer (IO).

Is any body exempt from registering their information officer?

Unfortunately, the guidance note on information officers and deputy information officers does not touch on exemptions. Surely, not every body needs to register an officer? A private body includes “a natural person who carries or has carried on any trade, business or profession…”.

Does a street vendor selling tomatoes to passersby have to register an officer?
Does an investment company need one?
What about a restaurant or tavern?

Is this just more red tape for small business? Will the regulator’s systems even cope when everyone in South Africa tries to register their officer?

Is it possible for someone to argue that they are not a responsible party? Maybe. But virtually everyone does process personal information for some purpose.

What about an exemption?

We suggest that the information regulator exempt some bodies from having to register an information officer. In the EU GDPR, only certain controllers (AKA responsible parties) need to have an officer (not every body).

Will anybody be exempt from having an information officer?

Is any body exempt from registering their information officer?

What about an exemption?

Share This Story, Choose Your Platform!