/****** Collapsing Nested Menu Items | Code by Elegant Themes ******/


  1. Accountability – An organisation must ensure compliance with the provisions of POPIA. Ensure that contractual arrangements with third parties which process personal information on behalf of the organisation are adequate.


  1. Processing Limitation Obligation – An organisation may collect, use or disclose personal information for purposes that a reasonable person would consider appropriate.


  1. Purpose Limitation Obligation – An organisation may only process personal information for a specific, explicitly defined and lawful purpose related to its function or activity.


  1. Notification Obligation – An organisation must notify the data subject of the purpose(s) for which it intends to collect, use or disclose the personal information before such collection, use or disclosure.


  1. Access and correction obligation – An organisation must, upon request, provide a data subject with his or her personal information and correct any errors or omissions.


  1. Accuracy Obligation – An organisation must ensure that personal information collected by or on its behalf is accurate, complete and not misleading in any way.


  1. Retention Limitation Obligation – An organisation must only retain personal information where there is no legal or business reason to do so.


  1. Transfer Limitation Obligation – An organisation must ensure that personal information is only transferred to international jurisdictions that have a comparable standard of data protection.


  1. Openness Obligation – An organisation must amend its Information Manual in terms of the Promotion of Access to Information Act to document how personal information is collected, used or disclosed in addition to how it is protected.


  1. Protection Obligation – An organisation must protect personal information (whether in electronic or other form) in its possession or under its control.

– Melanie Hart, Director, Beech Veltman Inc.