Tag
popia
Protection of Personal Information Act Summary | POPIA
The Protection of Personal Information Act (POPIA) is South Africa’s data protection law. This is a summary or short explanation of why it is important, who it affects, what the timeline is, and what action you should take. This article also provides you with links so you can read further on the Protection of Personal Information Act.
Why do we need the Protection of Personal Information Act
Essentially, the purpose of the Protection of Personal Information Act (POPIA) is to protect people from harm by protecting their personal information. To stop their money being stolen, to stop their identity being stolen, and generally to protect their privacy, which is a fundamental human right.
To achieve this, the Protection of Personal Information Act sets conditions for when it is lawful for someone to process someone else’s personal information.
Who are the Role Players?
The Protection of Personal Information Act (POPIA) involves three parties (who can be natural or juristic persons):
- The data subject: the person to whom the information relates.
- The responsible party: the person who determines why and how to process. For example, profit companies, non-profit companies, governments, state agencies and people. Called controllers in other jurisdictions
- The operator: a person who processes personal information on behalf of the responsible party. For example, an IT vendor. Called processors in other jurisdictions.
The Protection of Personal Information Act places various obligations on the responsible party, which is the body ultimately responsible for the lawful processing of personal information. Responsible parties should only use operators that can meet the requirements of lawful personal information processing prescribed by the Protection of Personal Information Act.
