Additional duties and responsibilities of information officers

4(1) Subject to the provisions of section 55 of the Act, an information officer must ensure that:

  1. a compliance framework is developed, implemented and monitored;
  2. adequate measures and standards exists in order to comply with the conditions for the lawful processing of personal information;
  3. preliminary assessments are conducted;
  4. a manual for the purpose of the Promotion of Access to Information Act and the Act is developed detailing—
    • the purpose of the processing;
    • a description of the categories of data subjects and of the information or categories of information relating thereto; (iii) the recipients or categories of recipients to whom the personal information may be supplied;
    • the planned trans-border or cross border flows of personal information; and
    • a general description allowing preliminary assessment of the suitability of information security measures to be implemented and monitored by the responsible party;
  5. the manual referred to in paragraph (d) is available—
    • on the website, of the responsible party; and
    • at the office or offices of the responsible party for public inspection during normal business hours of that responsible party;
  6. internal measures are developed together with adequate systems to process requests for information or access thereto; and
  7. awareness sessions are conducted regarding the provisions of the Act, regulations made in terms of the Act, codes of conduct, or information obtained from the Regulator.