With The Protection of Personal Information Act (POPIA) that came into force on the 1st July 2021 and the General Data Protection Regulation (GDPR) which came into force on the 25th of May 2018. The changes that POPIA and GDPR made to the data protection legislation are far reaching and introduces a number of new legal concepts.
POPI / GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
All organisations that process personal data needs to be compliant.
POPI / GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be: