The South African Information Regulator wants to talk to you. And it certainly wants to know that you will be ready to answer when it calls. For organisations in South Africa, this is a simple matter of registering on the Information Regulator portal. For organisations outside of South Africa, however, this requires you to appoint a South Africa representative for POPIA.
What is a South Africa representative?
A South African POPIA representative is largely the same as an EU GDPR representative in South Africa. It is a data protection representative in South Africa, specifically for organisations not established in South Africa, allowing the Information Regulator to communicate with you.
This data protection representative is not the same as an information officer, but rather supports the information officer in their duties by acting as a conduit between the Information Regulator and the information officer. If the Information Regulator needs to contact a responsible party (or data controller, in GDPR terminology) established outside of South Africa, they will contact the responsible party’s appointed POPIA representative in South Africa, who will refer the matter up the chain to the responsible party.
Who needs to appoint a POPIA representative in South Africa?
You must appoint a South African representative if you must comply with POPIA but do not have any employees based in South Africa.
In terms of processing personal information, it is important for responsible parties to understand the differences between POPIA and other data protection laws, like the GDPR. For example, POPIA regards the data of juristic persons as personal information. Even if your organisation only processes this kind of information, you will need to comply with POPIA, and may need to appoint a POPIA representative.
In terms of where employees are based, the Information Regulator’s guidance note on information officers requires responsible parties to register their information officer on the Regulator’s portal. It goes even further to say that any information officer registered on the portal (including the default, designated or deputy information officer) has to be based in South Africa. But if you don’t have any employees in South Africa, that’s obviously not possible.
How can we help you?
We have experience in acting as POPIA representative for international organisations.
- If you need a data protection representative in South Africa, fill out the form on the right or contact us now.
- If you want more specific help in managing your data protection responsibilities, find out how we can help you as your outsourced information officer, or our related data protection solutions.