Eight Conditions of  POPIA

The POPI Act provides eight conditions for lawful processing. Think of these as legally binding principles that must underpin all processing of personal information within your business. (The S8 for example in Condition 1 refer to section 8 of the POPI Act, so does S9 refer to section 9, etc.).

Conditions for lawful processing.

  1. Condition 1: Accountability: S8 Responsible party to ensure conditions for lawful processing.
  2. Condition 2: Processing limitation: S9 Lawfulness of processing, S10 Minimality, S11 Consent, justification, and objection, S12 Collection directly from the data subject.
  3. Condition 3: Purpose specification: S13 Collection for a specific purpose, S14 Retention, and restriction of records.
  4. Condition 4: Further processing limitation: S15 Further processing to be compatible with the purpose of the collection.
  5. Condition 5: Information quality: S16 Quality of information.
  6. Condition 6: Openness: S17 Documentation, S18 Notification to the data subject when collecting personal information.
  7. Condition 7: Security safeguards: S19 Security measures on integrity and confidentiality of personal information, S20 Information processed by operator or persons acting under authority, S21 Security measures regarding information processed by an operator, S22 Notification of security compromises.
  8. Condition 8: Data subject participation: S23 Access to personal information, S24 Correction of personal information, S25 Manner of access.


Any additional information or concerns can be found and raised with the Information Regulator, who can be contacted as shared below, but please feel free to contact us first to discuss any questions or concerns you may have:

Website: https://www.justice.gov.za/inforeg/
Tel: 012 406 4818
Email: inforeg@justice.gov.za