The General Data Protection Regulation (GDPR) came into force on the 25th of May 2018. The changes that GDPR made to the data protection legislation are far reaching and the GDPR introduces a number of new legal concepts.
POPI / GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
All organisations that process personal data needs to be compliant.
POPI / GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be: