Lawful processing of personal information

Lawful processing of personal information

4. (1) The conditions for the lawful processing of personal information by or for a responsible party are the following:

(a) ‘‘Accountability’’, as referred to in section 8;
(b) ‘‘Processing limitation’’, as referred to in sections 9 to 12;
(c) ‘‘Purpose specification’’, as referred to in sections 13 and 14;
(d) ‘‘Further processing limitation’’, as referred to in section 15;
(e) ‘‘Information quality’’, as referred to in section 16;
(f) ‘‘Openness’’, as referred to in sections 17 and 18;
(g) ‘‘Security safeguards’’, as referred to in sections 19 to 22; and
(h) ‘‘Data subject participation’’, as referred to in sections 23 to 25.

(2) The conditions, as referred to in subsection (1), are not applicable to the
processing of personal information to the extent that such processing is—
(a) excluded, in terms of section 6 or 7, from the operation of this Act; or
(b) exempted in terms of section 37 or 38, from one or more of the conditions
concerned in relation to such processing.

(3) The processing of the special personal information of a data subject is prohibited
in terms of section 26, unless the—
(a) provisions of sections 27 to 33 are applicable; or
(b) Regulator has granted an authorisation in terms of section 27(2),
in which case, subject to section 37 or 38, the conditions for the lawful processing of
personal information as referred to in Chapter 3 must be complied with.

(4) The processing of the personal information of a child is prohibited in terms of section 34, unless the—
(a) provisions of section 35(1) are applicable; or
(b) Regulator has granted an authorisation in terms of section 35(2),
in which case, subject to section 37, the conditions for the lawful processing of personal information as referred to in Chapter 3 must be complied with.

(5) The processing of the special personal information of a child is prohibited in terms
of sections 26 and 34 unless the provisions of sections 27 and 35 are applicable in which case, subject to section 37, the conditions for the lawful processing of personal information as referred to in Chapter 3 must be complied with.

(6) The conditions for the lawful processing of personal information by or for a
responsible party for the purpose of direct marketing by any means are reflected in
Chapter 3, read with section 69 insofar as that section relates to direct marketing by
means of unsolicited electronic communications.

(7) Sections 60 to 68 provide for the development, in appropriate circumstances, of codes of conduct for purposes of clarifying how the conditions referred to in subsection
(1), subject to any exemptions which may have been granted in terms of section 37, are to be applied, or are to be complied with within a particular sector.

Please follow and like us:

© 2022. Information Regulator South Africa / Terms and Conditions