Protection of Personal Information Act (POPI)

Root Folder
POPI - Protection of Personal Information Act

Principle 1: Processing Limitation

Personal information must be collected directly from the data subject and may only be processed with the consent of the data subject, or where it is necessary to comply with a legal obligation, public law duty or contractual obligation

Principle 2: Specific Purpose

Personal information must be collected for a specific, explicitly defined and legitimate purpose, The data subject should be aware of the purpose for which the information is collected, and who the likely recipients of the information should be

Principle 3: Further Processing Limitation

Personal information may not be processed further in a way that is incompatible with the purpose for which the information was collected initially. Thus, if information was processed for the purpose for which it was collected, it may only be processed further if it can be shown that the purpose for further processing is compatible with the original purpose. The Bill provides guidelines to assist with such an assessment.

Principle 4: Information Quality

The person or institution that determines the purpose and means for processing personal information should ensure that the information is complete, not misleading, up to date and accurate.

Principle 5: Openness

Also, where personal information of a data subject is collected, the person or institution responsible for such collection must ensure that the data subject is aware of:

  • The fact that the information is being collected
  • The name and address of the person or institution collecting the information
  • Whether or not the supply of the information by that data subject is voluntary or mandatory, and consequences of failure to reply; and
  • Where the collection of information is authorised or required under any law, the particular law to which the collection is subject.

Principle 6: Security Safeguards

The Bill requires the implementation of technical and organisational measures to secure the integrity of personal information, and to guard against the risk of loss, damage or destruction of personal information. Also, personal information should be protected against any unauthorised or unlawful access or processing.

Principle 7: Individual Participation

A data subject is entitled to the particulars of his or her personal information held by an institution or person, as well as to the identity of any person that had access to his or her personal information. The data subject is also entitled to require the correction of any information held by another party.

Principle 8: Accountability

The party or institution that holds personal information must give effect to the principles for the
protection of personal information as set out in the Bill.


iPulse Support Team

Add Feedback