We also need to understand some key terms and definitions which will be referred throughout the course and within the Act itself. The fill Act can be found here: Protection of Personal Information Act, 2013.

Table 2: Definition Table

Term or Definition


Automated means

means any equipment capable of operating automatically in response to instructions given for the purpose of processing information


means a technique of personal identification that is based on:

·         physical,

·         physiological or behavioural characterisation including:

o   blood typing,

o   fingerprinting,

o   DNA analysis,

o   retinal scanning and

o   voice recognition


means a natural person under the age of 18 years who is not

legally competent, without the assistance of a competent person, to take any action or decision in respect of any matter concerning him or herself;

Code of conduct

A code of conduct or code of ethics is a collection of norms, rules and regulations that include what is and is not acceptable or expected behaviour in which members must adhere. It is binding on their members and self-regulation in the public interest. Examples of this would be per industry sector i.e. The Institute of Management Consultants South Africa or The South African Institute of Chartered Accountants (SAICA)

Data subject

The person(s) to whom personal information relates.


In relation to personal information of a data subject, means

to delete any information that:

·         identifies the data subject;

·         can be used or manipulated by a reasonably foreseeable method to identify the data subject; or

·         can be linked by a reasonably foreseeable method to other information that is identifies the data subject,

·         and ‘‘de-identified’’ has a corresponding meaning.

Direct marketing

Means to approach a data subject, either in person or

by mail or electronic communication, for the direct or indirect purpose of—

·         promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject; or

·         requesting the data subject to make a donation of any kind for any reason.

Electronic communication’

means any:

·         text,

·         voice,

·         sound or

·         image

·         message sent over an electronic communications network which is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient

Filing system

means any structured set of personal information,

whether centralised, decentralised or dispersed on a functional or geographical basis, which is accessible according to specific criteria


An operator is a person who processes personal information for or on behalf of a responsible party in terms of a contract or mandate, without coming under the direct authority of that party.

Personal information

means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

·         information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

·         information relating to the education or the medical, financial, criminal or employment history of the person;

·         any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;

·         the biometric information of the person;

·         the personal opinions, views or preferences of the person;

·         correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

·         the views or opinions of another individual about the person; and

·         the name of the person if it appears with other personal information

·         relating to the person or if the disclosure of the name itself would reveal information about the person;


means any operation or activity or any set of operations,

whether or not by automatic means, concerning personal information, including:

·         the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;

·         dissemination by means of transmission, distribution or making available in any other form; or

·         merging, linking, as well as restriction, degradation, erasure or destruction of information;

Promotion of Access to Information Act (PAIA)

Means the Promotion of

Access to Information Act, 2000 (Act No. 2 of 2000). Is South Africa’s access to information law and it enables people to gain access to information held by both public and private bodies.

Public record

means a record that is accessible in the public domain

and which is in the possession of or under the control of a public body, whether or not it was created by that public body


Record means any information that is recorded in any format that is in the possession or under control of a responsible party, regardless of who made the record and when the record came into existence.  Records may include:

·         writing on any material

·         book, map, plan, graph or drawing

·         information produced,

·         recorded or stored by means of any tape-recorder

·         computer equipment,

·         whether hardware or software or both, or other devices.


The body responsible to enforce compliance to the POPI regulations


in relation to personal information of a data subject,

means to resurrect any information that has been de-identified, that identifies the data subject;

can be used or manipulated by a reasonably foreseeable method to identify the data subject; or

can be linked by a reasonably foreseeable method to other information that identifies the data subject

Responsible party

A private or public body or any other person, which alone, or in conjunction with others, determines why and how to process and the purpose of and means for processing personal information

Transborder flow

A responsible party in the Republic may not transfer personal information about a data subject to a third party who is in a foreign country unless certain conditions are met.

Unique identifier

means any identifier that is assigned to a data subject and is used by a responsible party for the purposes of the operations of that responsible party and that uniquely identifies that data subject in relation to that responsible party

Scroll to Top