-
Quick Access
-
POPIA
-
-
-
- Section 26 Prohibition on processing of special personal information
- Section 27 General authorisation concerning special personal information
- Section 28 Authorisation concerning data subject’s religious or philosophical beliefs
- Section 29 Authorisation concerning data subject’s race or ethnic origin
- Section 30 Authorisation concerning data subject’s trade union membership
- Section 31 Authorisation concerning data subject’s political persuasion
- Section 32 Authorisation concerning data subject’s health or sex life
- Section 33 Authorisation concerning data subject’s criminal behaviour or biometric information
-
-
-
- Section 39 Establishment of Information Regulator
- Section 40 Powers, duties and functions of Regulator
- Section 41 Appointment, term of office and removal of members of Regulator
- Section 42 Vacancies
- Section 43 Powers, duties and functions of Chairperson and other members
- Section 44 Regulator to have regard to certain matters
- Section 45 Conflict of interest
- Section 46 Remuneration, allowances, benefits and privileges of members
- Section 47 Staff
- Section 48 Powers, duties and functions of chief executive officer
- Section 49 Committees of Regulator
- Section 50 Establishment of Enforcement Committee
- Section 51 Meetings of Regulator
- Section 52 Funds
- Section 53 Protection of Regulator
- Section 54 Duty of confidentiality
- Show all articles ( 1 ) Collapse Articles
-
-
- Section 60 Issuing of codes of conduct
- Section 61 Process for issuing codes of conduct
- Section 62 Notification, availability and commencement of code of conduct
- Section 63 Procedure for dealing with complaints
- Section 64 Amendment and revocation of codes of conduct
- Section 65 Guidelines about codes of conduct
- Section 66 Register of approved codes of conduct
- Section 67 Review of operation of approved code of conduct
- Section 68 Effect of failure to comply with code of conduct
-
- Section 73 Interference with protection of personal information of data subject
- Section 74 Complaints
- Section 75 Mode of complaints to Regulator
- Section 76 Action on receipt of complaint
- Section 77 Regulator may decide to take no action on complaint
- Section 78 Referral of complaint to regulatory body
- Section 79 Pre-investigation proceedings of Regulator
- Section 80 Settlement of complaints
- Section 81 Investigation proceedings of Regulator
- Section 82 Issue of warrants
- Section 83 Requirements for issuing of warrant
- Section 84 Execution of warrants
- Section 85 Matters exempt from search and seizure
- Section 86 Communication between legal adviser and client exempt
- Section 87 Objection to search and seizure
- Section 88 Return of warrants
- Section 89 Assessment
- Section 90 Information notice
- Section 91 Parties to be informed of result of assessment
- Section 92 Matters referred to Enforcement Committee
- Section 93 Functions of Enforcement Committee
- Section 94 Parties to be informed of developments during and result of investigation
- Section 95 Enforcement notice
- Section 96 Cancellation of enforcement notice
- Section 97 Right of appeal
- Section 98 Consideration of appeal
- Section 99 Civil remedies
- Show all articles ( 12 ) Collapse Articles
-
- Section 100 Obstruction of Regulator
- Section 101 Breach of confidentiality
- Section 102 Obstruction of execution of warrant
- Section 103 Failure to comply with enforcement or information notices
- Section 104 Offences by witnesses
- Section 105 Unlawful acts by responsible party in connection with account number
- Section 106 Unlawful acts by third parties in connection with account number
- Section 107 Penalties
- Section 108 Magistrate’s Court jurisdiction to impose penalties
- Section 109 Administrative fines
-
PAIA
-
Print
Section 57 Processing subject to prior authorisation
- The responsible party must obtain prior authorisation from the Regulator, in terms of section 58, prior to any processing if that responsible party plans to—
- process any unique identifiers of data subjects —
- for a purpose other than the one for which the identifier was specifically intended at collection; and
- with the aim of linking the information together with information processed by other responsible parties;
- process information on criminal behaviour or on unlawful or objectionable conduct on behalf of third parties;
- process information for the purposes of credit reporting; or
- transfer special personal information, as referred to in section 26, or the personal information of children as referred to in section 34, to a third party in a foreign country that does not provide an adequate level of protection for the processing of personal information as referred to in section 72.
- process any unique identifiers of data subjects —
- The provisions of subsection (1) may be applied by the Regulator to other types of information processing by law or regulation if such processing carries a particular risk for the legitimate interests of the data subject.
- This section and section 58 are not applicable if a code of conduct has been issued and has come into force in terms of Chapter 7 in a specific sector or sectors of society.
- A responsible party must obtain prior authorisation as referred to in subsection (1) only once and not each time that personal information is received or processed, except where the processing departs from that which has been authorised in accordance with the provisions of subsection (1).