Skip to main content

What do you know about the POPI Act?

What do you know about the POPI Act?

Did you know that the #PopiAct will be in full affect as of the 1 July 2021?

The purpose of this Act is to give constitutional rights to privacy, by safeguarding information when processed by a private or public body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.

Let us give you an overview of the lawful processing of personal information.

The 8 conditions for the lawful processing of personal information by a private or public body are the following:


The private or public sector is to ensure conditions for lawful processing.

Processing Limitation:

Lawful of processing as the personal information must be processed lawful in a reasonable manner that does not infringe the data subject. Personal information may only be collected for the purpose in which it is intended, while using minimal information to fulfil the purpose in which it is intended.

The private or public body needs to keep in mind that the personal information may only be processed if consent has been obtained by the data subject as data is to be collected directly from the data subject.

Purpose Specification:

Collection of the personal information needs to be collected for a specific, explicitly defined and lawful purpose.

Further processing Limitation:

Further processing of personal information must be in accordance or compatible with the purpose for which it was collected.

This regulates the further processing of the personal information obtained in the condition of purpose specification.

Information Quality:

The private or public body is required to ensure that the information obtained is complete, accurate, and not misleading, while being up to date.


The private or public party needs to notify the data subject when collecting personal information, such as what information is being collected including the source of where it is being collected from, while being transparent of the purpose of collection of personal information.

Security Safeguards:

This condition covers the security measures on integrity and confidentiality of the personal information. These measures are met by taking appropriate, reasonable technical and organisational measures to prevent he loss of, damage to, or unauthorised destruction of personal information: and unlawful access to or processing of personal information.

In order to give affect to this subsection the private or public party is to identify all reasonably foreseeable internal and external risks to personal information in its possession or under its control.

Data Subject Participation:

A data subject having provided adequate proof of identity can request the private or public party whether or not the party hold personal information about the data subject; and request a record or description of the personal information held. The data subject may request that the information be corrected and/or deleted

At Forbtech, we care about the protection of your personal information. Therefore, we are ensuring that our products can assist your business with the required POPIA compliance.

Get in touch with our team of experts today.