Page 37 - PHi_Q&A_Eng-Digital.indd
P. 37

POPI allows you access to your personal
            information

            Damian Viviers
            September 2018

            “I run a small franchise electronics store. I collect basic personal information
            from our customers that we keep on file and use for marketing notifications
            to our customers. The other day an upset customer demanded to know what
            personal information we have of her and said that the POPI Act gave her the
            right  to request  a  complete  copy  of  her  personal  information  we  have. We   Commercial
            gave it to her, but I was just wondering whether she really has the right to ask
            for this?”

            The Protection of Personal Information  Act 4 of 2013 (“POPI”) was enacted
            to promote the constitutional right to privacy and align South Africa with the
            international community regarding information and data protection. Although
            POPI has not yet fully come into operation, is has been signed into law and it is
            only a matter of time before it comes into effect.
            POPI places an important responsibility on parties who collect, store, use and
            destroy  personal  information  (“responsible  parties”)  and  also  provides  rights
            and remedies to persons whose personal information is being processed
            (“data subjects”).
            POPI authorises data subjects to request access to the personal information
            held by a responsible party, as well as the amendment and deletion of such
            information under certain circumstances. Responsible parties are obliged, if so
            requested, to provide confirmation free of charge to data subjects that they hold
            their personal information, to provide a description of the personal information
            in question and to confirm the identity of all third parties or the categories of
            third parties who have received their personal information.
            Any such request from a data subject must be complied with –

            •  within a reasonable time;
            •  at a prescribed fee (may be levied before the actual record or description
               of the personal information is made available to the data subject);
            •  in a reasonable manner and format; and
            •  in a form that is generally understandable.
            Should a responsible party not wish to provide personal information to a data
            subject such refusal must be based on the same grounds for refusal as allowed
            under the Promotion of Access to Information Act 2 of 2000.

            Data subjects may, in terms of POPI, also request that their personal information




                                                                        31
   32   33   34   35   36   37   38   39   40   41   42