Loading Courses

The Role of the Information Officer

In-depth, practical guidance for Information Officers and Deputies

Assure sustainable privacy compliance

Velisa Africa Academy, in conjunction with Data Horizons, is pleased to offer our “Role of the Information Officer” training workshop, which is specifically designed for Information Officers, Deputy Information Officers, Risk & Compliance and Legal team members as well as persons heading up an organisation’s Privacy Program.

There is currently no accredited certification in South Africa for Information Officers, but this workshop will ensure that attendees have a very clear and practical understanding of the role and responsibilities of the Information Officer, what a well-established framework and program for Privacy Management looks like as well the operational activities involved.

The training workshop is run as a group workshop with all attendees being invited to share their experiences and questions, A practical, best-practices approach to privacy management is taken, and the important role of the Information Officer is examined in detail, along with operational requirements, with information from POPIA, PAIA and the Information Regulator Guidance Note being considered.

The training is led by an expert in international privacy field, with in-depth understanding of the various facets of the POPI Act and other privacy regulation from around the world.(Optional, one-on-one call or in-person meetings can be arranged on a consultancy basis with individual information officers to discuss their specific needs, questions and organisation-specific requirements).


  • Foundations of privacy and data protection.
  • What is Personal Information (PI) and Processing thereof.
  • The 8 Conditions and lawful bases for processing
  • Rights of Data Subjects and what this means to organisation
    • Consent
    • Process Specification and Openness
    • The Right to Accuracy
    • The Right to Object
    • The Right of Access
    • Other rights
  • Data Privacy, Data Protection and Data Security
  • What is a Data Breach?
  • International Data Transfers
  • Special personal information and children’s information
  • Direct Marketing
  • Data Security vs. Privacy
  • Brief comparison to the GDPR and other African privacy regulation
  • Roles and Responsibilities as defined in POPIA
  • Responsible Parties (Controllers) and Operators (Processors) and their respective responsibilities
  • The Information Officer in POPIA and PAIA
  • Appointment – Who, Why and How?
  • Reporting requirements
  • Responding to Data Subject Requests
  • Understanding and engaging your stakeholders
  • Establishing a plan and compliance framework for managing privacy
  • Performing a Gap Analysis / Risk Assessment
  • Establishing appropriate policies, notices, and procedures
  • The Personal Information Impact Assessment and PAIA Manual
  • Ensuring staff awareness through communication and training
  • Managing Consent
  • Mapping processing activities
  •  Third-party risk management
  • Cross-border transfer of personal information and the possible impact of other regional regulations
  • Security considerations
  • Retention and disposal/destruction of personal information
  • Implementation and monitoring – assessments, audits and risk scoring
  • Developing and implementing an Incident Response Plan
  •  What it means not to comply
  • Penalties under POPIA
  • Personal and organisational liability
  • Other consequences of non-compliance or breach incidents

Other Insights

Through this training Information Officers will be provided with templates and tools, including a sample RACI for privacy governance, a Gap Analysis tool, examples of Data Maps, Records of Processing Activities template, PIA/DPIA template, Standard Contractual Clauses and more.


Email info@velisaafrica.co.za or complete the form below.
Please advise if you wish to make a corporate booking for 4 or more from the same company.

Share this on social media