POPIA

THE SECOND CONDITION - PROCESSING LIMITATIONS.

 By Gilles van de Wall

Attorney at Johanette Rheeder Inc

 

The Protection of Personal Information Act, Act 4 of 2013 (“POPIA”) is now fully effective and yet again South Africans has been hit by a major privacy breach and leaking if their personal information. POPIA applies to all instances of processing of personal information (PI) of natural and juristic persons, whether they are aware of it or not or whether they have consented to it or not. All parties who process PI of the South African public (called a Data subject) must at least have a basic knowledge of what POPIA entails.

POPIA contains 8 conditions for the processing of personal information to be lawful, and each of these conditions impose different rights, duties, and obligations unto those who process personal information (called the Responsible Party). Below, I shortly discuss, on an introductory level, the second of the 8 conditions (each of the 8 conditions will be discussed separately over the course of the following few weeks).[1]

ITS WHAT THE LAW SAYS:

The Second condition of lawful processing of personal information as contained in POPIA, is the condition of process limitation. The limitation on the processing of personal information is regulated by the provisions of Section 9 to 12 of POPIA, which Sections require that the processing of personal information must at all times be lawful and done in a reasonable manner to ensure that the privacy of a Data subject is not infringed when personal information is being processed. In order to ensure that the privacy of the data subject is not infringed, the purpose for processing must be adequate, relevant and not excessive.

Therefore, when the employer process the personal information, it must pass the test of minimality. You may only collect and process personal information if you do so for legitimate (business) requirements and the information you collect or process can be linked to the purpose, passing the minimality requirement.

Therefore, all Responsible parties will have to audit the Personal information they process and test the purpose against the minimality test.

WHEN MY PERSONAL INFORMATION BE PROCESSED?

First and foremost, Personal information must be processed with consent of the Data subject and/or a competent person in case of the Data subject being a minor;

However, POPIA also allows processing without consent if the processing :

  • Is required by law, contract and/or an obligation imposed unto the Responsible party;
  • “…protects a legitimate interest of the Data subject;
  • “…necessary for the proper performance of a public law duty by a public body;
  • Is for a legitimate interest of either the responsible party or a third party;

Responsible parties may also collect Personal information without consent if the information is derivative from a public record or has been deliberately made public by the Data subject or if the Data subject or a competent person in case of a minor, has given consent to the information being collected from an alternative source.  Data subjects may withdraw consent object on reasonable grounds to having personal information processed by sending a notice to the Responsible party, which is available in the Regulations the act.

THE REGULATIONS:

Item 2, 3 and 6 of the Regulations to POPIA contains a standard form to assist a Data subject in lodging objection to the processing of Personal information and to request for amendment, correction, deletion and/or destruction of personal information. A Responsible party must render “…such reasonable assistance as is necessary, free of charge, to enable the data subject to complete the necessary forms and may charge a minimal fee for copies of Personal information.

 TO CONCLUDE:

Through these limitations on the when, where and what of processing personal information, it seems as if the legislator aimed to have organisations develop, structure and implement a ‘data-diet’, which I am of the opinion will be beneficial to organisations. There is a lot of information which organisations hold onto, process, and disseminate which may be unnecessary for purposes of legitimate processing. For example, holding onto the curriculum vitae of an unsuccessful candidate for a year or more, just in case a position opens within the organisation.

Businesses must start developing process flows and log the different personal information it processes through those process flows as well as the purpose of processing, which must be clearly defined and compatible with the minimality condition.

Gilles van de wall (BA Law, LLB) is an attorney at Johanette Rheeder Incorporated.

Contact us at:          johanette@smartprivacy.co.za or gilles@smartprivacy.co.za

 

[1] See our article on the first condition, being Accountability published on our website and LinkedIn on 7 July 2020.

You can download this newsletter as a PDF document, or send the link to a friend.
Download as PDF

Document of the Month

Check list of Disciplinary Enquiry

FREE Download

Upcoming Events


Guide to Retrenchments

Date: 29/09/2020 12:00:00 PM
Event Type: Webinar
Venue: Office / Home


DL2 - Guide to Employment Equity

Date: 05/10/2020 09:00:00 AM
Event Type: Distance Learning
Venue: Office / Home


DL1 - Basic Labour Relations - LRA & BCEA

Date: 12/10/2020 09:00:00 AM
Event Type: Distance Learning
Venue: Office / Home


DL8 - Investigating & Charging in Disciplinary Hearings

Date: 19/10/2020 09:00:00 AM
Event Type: Distance Learning
Venue: Office / Home


DL9 - Initiating & Chairing Disciplinary Hearing

Date: 21/10/2020 09:00:00 AM
Event Type: Distance Learning
Venue: Office / Home


DL19 - Protection Of Personal Information Act (POPI)

Date: 26/10/2020 09:00:00 AM
Event Type: Distance Learning
Venue: Office / Home


DL17 - Conducting Conciliations & Arbitrations in the CCMA

Date: 27/10/2020 09:00:00 AM
Event Type: Distance Learning
Venue: Office / Home


DL12 - Retrenchments During COVID-19

Date: 02/11/2020 09:00:00 AM
Event Type: Distance Learning
Venue: Office / Home


DL10 - Cross Examination Skills

Date: 09/11/2020 09:00:00 AM
Event Type: Distance Learning
Venue: Office / Home


DL8 - Investigating & Charging in Disciplinary Hearings

Date: 16/11/2020 09:00:00 AM
Event Type: Distance Learning
Venue: Office / Home


DL9 - Initiating & Chairing Disciplinary Hearing

Date: 18/11/2020 09:00:00 AM
Event Type: Distance Learning
Venue: Office / Home


DL7 - Managing HR Challenges

Date: 23/11/2020 09:00:00 AM
Event Type: Distance Learning
Venue: Office / Home


DL19 - Protection Of Personal Information Act (POPI)

Date: 25/11/2020 09:00:00 AM
Event Type: Distance Learning
Venue: Office / Home


See more...
Title Description Published By
Aug 2020
‘I am the master of my fate; I am the captain of my soul’ Gilles van de Wall View
Jul 2020
Disaster Management Regulations- 12 July 2020 Sashin Naaido View
Jun 2020
Advanced leave a possible solution to the payment of salaried employees Lezanne Taylor View
May 2020/2
CHILD MAINTENANCE AND THE IMPACT OF COVID 19 ON A PARTY’S INABILITY TO PAY Lezanne Taylor View
May 2020/1
RE-INSTATEMENT OR RE-EMPLOYMENT AFTER UNFAIR DISMISSAL Gilles van de Wall View
Apr 2020/2
COVID 19 – SMME Interventions Sashin Naaido View
Apr 2020/1
COVID-19 – Salary payments, relief payments and UIF claims during lockdown Johann Rheeder View
Mar 2020
Your obligations in a COVID-19 World State of Emergency! Gilles van de Wall View
Feb 2020
A tale of two judgments dealing with free speech and hate speech Ivor Heyman View
Jan 2020
The development of vicarious liability in Employment Law Alex Davies View
Dec 2019
The development of vicarious liability in employment law Alex Davies View
Nov 2019
Privacy implementation in South Africa – Quo vadis? Johanette Rheeder View
Oct 2019
Prescription of Labour law Wanya Cloete View
Sep 2019
Litigation Privilege: when and how can it be waived? Ivor Heyman View
Aug 2019
Refusal to accept a demand by an employer a legitimate operational requirements? Alex Davies View
July 2019
The Concept of Job Security & Fairness For Employees in Retrenchments Alex Davies View
June 2019
Can a union suspend a strike and take it up again? Johanette Rheeder View
May 2019
Social Media – Clash between Freedom of Expression & Privacy Ivor Heyman View
April 2019
Canabis in the workplace Wanya Cloete View
March 2019
GDPR/POPIA – Where Technology and Ethics have reached crossroads Megan Grindell View
February 2019
Strikes – certificates of outcome and matters of mutual interest – how far does it stretch? Johanette Rheeder View
Jan 2019
Regulations relating to the Protection of Personal Information Johanette Rheeder View
Dec 2018
Collection of debt from Employees Johanette Rheeder View
Nov 2018
Strikes – certificates of outcome and matters of mutual interest – how far does it stretch? Johanette Rheeder View
October 2018
The right to strike – A matter of mutual interest Johanette Rheeder View
July 2018
Extension of Collective Agreements Alex Davies View
June 2018
GDPR / POPIA – Where Technology & Ethics Have Reached a Crossroad Megan Grindell View
May 2018
Exemption Clauses: an assessment of the burden of proof Ivor Heyman View
April 2018
Companies that cannot afford the National Minimum Wage Department Of Labour View
March 2018
Portfolio Committee on Labour Extended Invitation for Commentary By SASLAW View
February 2018
Business Rescue Proceedings – A Brief Overview Alex Davies View
January 2018
Collection of debt from employees Alex Davies View
November 2017
Publication Of New Bills Which Impact Employment Alex Davies View
September 2017
POPI Regulations & the duties of the Information Officer Johanette Rheeder View
August 2017
Is a Break in the Trust Relationship, a prerequisite to Dismissal? Alex Davies View
July 2017
Temporary Employment Services - NUMSA vs Asign Services Alex Davies View
June 2017
Probation and probation related dismissals in the CCMA Johanette Rheeder View
May 2017
Job descriptions and extra duties required of an emplyee Johanette Rheeder View
March 2017
The extention of collective agreements in the workplace Alex Davies View
January 2017
The application of the prescription act to disputes under the labour relations act Alex Davies View
November 2016
Who can represent parties at CCMA proceedings? Yozan Botha View
September 2016
“Solidarity for Ever” Collective bargaining – rights and duties Johanette Rheeder View
July 2016
POPI Implementation on the horizon Johanette Rheeder View
May 2016
Applying the rule test in disciplinary hearing Johanette Rheeder View
April 2016
Does the managerial prerogative still apply during the recruitment process? Johanette Rheeder View
March 2016
The Stigmatising Effect of Medical Testing on Mental Illness Kellie Hennessy View
February 2016
Office Romance - A Lesson in managing personal relationships at work Kellie Hennessy View
January 2016
Rights for Males to Maternity Leave Benefits Kellie Hennessy View
December 2015
Interdicting Disciplinary Hearings Johanette Rheeder View
November 2015
The Right to Natural Justice in Disciplinary Hearings Xander Wehncke View
October 2015
The Protection of Personal Information Act No 4 of 2013 (“POPI”): Rethink the ‘architechture’ of your business Kellie Hennessy View
September 2015
Load Shedding in the Workplace: Negotiate Back the Power Kellie Hennessy View
July 2015
Retrenchment - Do We Recognise The Effect? Johanette Rheeder View
June 2015
The new CCMA rules - The ultimate relief? Johanette Rheeder View
May 2015
Medical Incapacity, Disability and Discrimination Kellie Hennessy View
April 2015
Breach of the trust relationship in employment: What to prove and how to prove it Xander Wehncke View
March 2015
The exposure of senior employees in terms of Labour Relations Amendment Act 2012 Johanette Rheeder View
February 2015
The Correct Approach to a Reviewable ‘Error in Law' Kellie Hennessy View
January 2015
E-Cigarettes and the Workplace Kellie Hennessy View

DL2 - Guide to Employment Equity

Employers need to know its obligations in terms of the Employment equity legislation to avoid hefty fines or compensation or damage orders against the...

  • Distance Learning
  • 05 October 2020 @ 09:00
  • R 950.00