We simplify the complex

Getting to know POPI: Eight Conditions for Lawful Processing

Back to POPIA page

POPI is based on Eight Conditions for Lawful Processing of Personal Information. Each time a Responsible Party processes Personal Information, it must comply with all these conditions. Under each condition, POPI contains key requirements relating to the processing of Personal Information.

The Act outlines conditions in far greater detail, but a simplified summary of these conditions is as follows:

1. Accountability

The Responsible Party must ensure that all seven conditions are upheld throughout the entire journey with the data. This includes ensuring that Operators handle the data with the same due care.

2. Processing Limitation

Personal Information must be processed in a manner that is adequate, relevant and not excessive for the purposes it is being processed. Only the minimal amount of Personal Information must be collected for the purpose it is required and the processing must be in accordance with the reason you collected it. The Responsible party must have one of the Six Legal Grounds for processing this Personal Information.

Lawfull Processing

3. Purpose specification

Information may only be collected for a specific, explicitly defined and lawful purpose relating to the Responsible Party’s function or activity. Information may be retained only for as long as necessary to achieve the purpose for which it was collected or processed (although there are exceptions to this rule).

lawfull processing

4. Further processing limitation

The further processing of Personal Information must be in accordance with the purpose for which it was originally collected.

5. Information Quality

A Responsible Party must take reasonable practical steps to ensure that Personal Information is complete, accurate, not misleading and updated.

6. Openness

A Responsible Party must document their information processing operations, as required by POPI’s provisions. It must also ensure that Data Subjects are notified when their Personal Information is processed. In view of this condition, many organisations are compiling privacy policies, which explain their privacy operation.

7. Security safeguards

Responsible Parties must ensure that Personal Information is kept confidential and that the information’s integrity is maintained. Responsible Parties must also take appropriate measures to prevent loss of, damage to or destruction of Personal Information and to guard against unlawful acts. If there has been a data breach, the Responsible Party will also have to comply with POPI’s requirements in this regard.

8. Data Subject Participation

A Responsible Party must ensure that a Data Subject is able to confirm whether the Responsible Party holds any Personal Information about the Data Subject (at no extra cost). A Data Subject must also be allowed to correct their Personal Information and request that the Responsible Party destroy or delete it.

Lightstone has sought formal legal opinion in all matters relating to the POPI Act and we continue to refer to legal counsel while we implement our POPI compliance changes.

POPIA Documents

For ease of use, here are some of the documents referred to in the information prepared to support our Estate Agent and Automotive Industry clients. Please click on the links below.

We welcome your feedback

You are invited to send through your POPIA-related questions or comments to POPIA@lightstone.co.za.

We use cookies that are essential for this website to function and to improve your user experience. Please refer to our Privacy Policy.