Skip to content
POPIA

POPIA

Protection of Personal Information Act

  • ACT Summary and Preamble
  • Chapter 1 Definitions and Purpose
    • Section 1 Definitions
    • Section 2 Purpose of Act
  • Chapter 2 Application Provisions
    • Section 3 Application and interpretation of Act
    • Section 4 Lawful processing of personal information
    • Section 5 Rights of data subjects
    • Section 6 Exclusions
    • Section 7 Exclusion for journalistic, literary or artistic purposes
  • Chapter 3 Conditions for Lawful Processing
    • Part A Processing of personal information in general
      • Condition 1 Accountability
        • Section 8 Responsible party to ensure conditions for lawful processing
      • Condition 2 Processing limitation
        • Section 9 Lawfulness of processing
        • Section 10 Minimality
        • Section 11 Consent, justification and objection
        • Section 12 Collection directly from data subject
      • Condition 3 Purpose specification
        • Section 13 Collection for specific purpose
        • Section 14 Retention and restriction of records
      • Condition 4 Further processing limitation
        • Section 15 Further processing to be compatible with purpose of collection
      • Condition 5 Information quality
        • Section 16 Quality of information
      • Condition 6 Openness
        • Section 17 Documentation
        • Section 18 Notification to data subject when collecting personal information
      • Condition 7 Security safeguards
        • Section 19 Security measures on integrity and confidentiality of personal information
        • Section 20 Information processed by operator or person acting under authority
        • Section 21 Security measures regarding information processed by operator
        • Section 22 Notification of security compromises
      • Condition 8 Data subject participation
        • Section 23 Access to personal information
        • Section 24 Correction of personal information
        • Section 25 Manner of access
    • Part B Processing of special personal information
      • Section 26 Prohibition on processing of special personal information
      • Section 27 General authorisation concerning special personal information
      • Section 28 Authorisation concerning data subject’s religious or philosophical beliefs
      • Section 29 Authorisation concerning data subject’s race or ethnic origin
      • Section 30 Authorisation concerning data subject’s trade union membership
      • Section 31 Authorisation concerning data subject’s political persuasion
      • Section 32 Authorisation concerning data subject’s health or sex life
      • Section 33 Authorisation concerning data subject’s criminal behaviour or biometric information
    • Part C Processing of personal information of children
      • Section 34 Prohibition on processing personal information of children
      • Section 35 General authorisation concerning personal information of children
  • Chapter 4 Exemption from Conditions
    • Section 36 General
    • Section 37 Regulator may exempt processing of personal information
    • Section 38 Exemption in respect of certain functions
  • Chapter 5 Supervision
    • Part A Information Regulator
      • Section 39 Establishment of Information Regulator
      • Section 40 Powers, duties and functions of Regulator
      • Section 41 Appointment, term of office and removal of members of Regulator
      • Section 42 Vacancies
      • Section 43 Powers, duties and functions of Chairperson and other members
      • Section 44 Regulator to have regard to certain matters
      • Section 45 Conflict of interest
      • Section 46 Remuneration, allowances, benefits and privileges of members
      • Section 47 Staff
      • Section 48 Powers, duties and functions of chief executive officer
      • Section 49 Committees of Regulator
      • Section 50 Establishment of Enforcement Committee
      • Section 51 Meetings of Regulator
      • Section 52 Funds
      • Section 53 Protection of Regulator
      • Section 54 Duty of confidentiality
    • Part B Information Officer
      • Section 55 Duties and responsibilities of Information Officer
      • Section 56 Designation and delegation of deputy information officers
  • Chapter 6 Prior Authorisation
    • Section 57 Processing subject to prior authorisation
    • Section 58 Responsible party to notify Regulator if processing is subject to prior authorisation
    • Section 59 Failure to notify processing subject to prior authorisation
  • Chapter 7 Codes of Conduct
    • Section 60 Issuing of codes of conduct
    • Section 61 Process for issuing codes of conduct
    • Section 62 Notification, availability and commencement of code of conduct
    • Section 63 Procedure for dealing with complaints
    • Section 64 Amendment and revocation of codes of conduct
    • Section 65 Guidelines about codes of conduct
    • Section 66 Register of approved codes of conduct
    • Section 67 Review of operation of approved code of conduct
    • Section 68 Effect of failure to comply with code of conduct
  • Chapter 8 Direct Marketing, Directories and Automated Decision Making
    • Section 69 Direct marketing by means of unsolicited electronic communications
    • Section 70 Directories
    • Section 71 Automated decision making
  • Chapter 9 Transborder Information Flows
    • Section 72 Transfers of personal information outside Republic
  • Chapter 10 Enforcement
    • Section 73 Interference with protection of personal information of data subject
    • Section 74 Complaints
    • Section 75 Mode of complaints to Regulator
    • Section 76 Action on receipt of complaint
    • Section 77 Regulator may decide to take no action on complaint
    • Section 78 Referral of complaint to regulatory body
    • Section 79 Pre-investigation proceedings of Regulator
    • Section 80 Settlement of complaints
    • Section 81 Investigation proceedings of Regulator
    • Section 82 Issue of warrants
    • Section 83 Requirements for issuing of warrant
    • Section 84 Execution of warrants
    • Section 85 Matters exempt from search and seizure
    • Section 86 Communication between legal adviser and client exempt
    • Section 87 Objection to search and seizure
    • Section 88 Return of warrants
    • Section 89 Assessment
    • Section 90 Information notice
    • Section 91 Parties to be informed of result of assessment
    • Section 92 Matters referred to Enforcement Committee
    • Section 93 Functions of Enforcement Committee
    • Section 94 Parties to be informed of developments during and result of investigation
    • Section 95 Enforcement notice
    • Section 96 Cancellation of enforcement notice
    • Section 97 Right of appeal
    • Section 98 Consideration of appeal
    • Section 99 Civil remedies
  • Chapter 11 Offences, Penalties and Administrative Fines
    • Section 100 Obstruction of Regulator
    • Section 101 Breach of confidentiality
    • Section 102 Obstruction of execution of warrant
    • Section 103 Failure to comply with enforcement or information notices
    • Section 104 Offences by witnesses
    • Section 105 Unlawful acts by responsible party in connection with account number
    • Section 106 Unlawful acts by third parties in connection with account number
    • Section 107 Penalties
    • Section 108 Magistrate’s Court jurisdiction to impose penalties
    • Section 109 Administrative fines
  • Chapter 12 General Provisions
    • Section 110 Amendment of laws
    • Section 111 Fees
    • Section 112 Regulations
    • Section 113 Procedure for making regulations
    • Section 114 Transitional arrangements
    • Section 115 Short title and commencement

Condition 4 Further processing limitation

Section 15 Further processing to be compatible with purpose of collection

Privacy Policy Terms / Cookie policy / Advertise / Powered by and Copyright 2019 - 2025 Accessible Law