The 8 POPIA Conditions You Need to Know

25 June 2021

The data explosion has put a spotlight on the value of personal information and the way businesses collect, process, and utilize people’s private data.  

Having had a year’s grace period to become fully compliant, organizations across South Africa have until next Wednesday to ensure key company processes implement the stipulated conditions of POPIA, which are legally enforceable from July 1st, 2021.

The 8 conditions under which personal information may be legally gathered and processed highlight a strong sense of respect for an individual’s private information and their right to manage it.

  1. Accountability: every business must appoint someone responsible for ensuring POPIA compliance.
  2. Processing limitation: personal information can only be processed within the law and with the data subject’s consent.
  3. Purpose specific: personal information cannot be processed outside of the permissions granted by the data subject who owns it.
  4. Further processing limitation: the data subject must grant additional consent to reprocess personal information for a new purpose.
  5. Information quality: a data subject’s information must be complete, accurate and up to date.
  6. Openness: the data subject must always be aware when their data is being collected and what it is being used for.
  7. Security safeguards: a business must securely store and process all personal information to protect against hacking, modification, destruction, etc.
  8. Data Subject Participation: data subjects can demand the immediate correction or deletion of any personal data, and can demand to know where it is being stored.

Emails, faxes and hard drives must not be overlooked either - POPIA includes this “menial” data, too. 

Cyber criminals are always pushing the boundaries in their attempt to stay one step ahead of cyber security. While fines are harsh for activity considered to be completely in breach of the Act, a business with reasonable precautions in place to protect against “reasonably foreseeable risks” could present a defensible position to the regulator.

There’s a fine balance between protecting people’s sensitive information and respecting the right to access information. POPIA aims to address this by promoting the protection of personal information processed by public and private bodies in a regulated and open manner. This is sure to encourage a greater shift in attitude towards sensitive information and valuing its privacy more deeply.

Ultimately, POPIA provides a clear guideline that gives individuals more control over their personal information, with actionable repercussions should it not be followed. The implementation of this Act is a significant step forward for individual privacy rights in a life increasingly lived online.
