Global Data and Cyber Handbook

South Africa

Select a Topic
Start Comparison
Key Definitions
Jump to
Key Definitions Start Comparison
Personal data

Last review date:  31 December 2024

POPIA defines "personal information" (as opposed to personal data) as information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person, including, but not limited to:

  • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, color, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  • information relating to the education or the medical, financial, criminal or employment history of the person;
  • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  • the biometric information of the person;
  • the personal opinions, views or preferences of the person;
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  • the views or opinions of another individual about the person; and
  • the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
Sensitive/special personal data (including personal data subject to additional protections/ restrictions/breach notification obligations)

Last review date:  31 December 2024

Sensitive data includes:

☒         personal data revealing racial or ethnic origin

☒         personal data revealing political opinions

☒         personal data revealing religious or philosophical belief

☒         personal data revealing trade / professional union or association membership

☒         genetic data

☒         biometric data for the purpose of uniquely identifying a natural person or biometric templates

☒         data concerning health/medical information

☒         data concerning a natural person's sex life or sexual orientation

☒         personal data regarding an individual's criminal convictions or record

☒        other

The criminal behavior of a data subject to the extent that such information relates to any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.

Controller vs Processor

Last review date:  31 December 2024

Do the privacy laws distinguish between controllers/owners and processors/agents? Whereby:

  • the controller/owner is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
  • the processor/agent is natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller

Answer: Yes.

POPIA uses different terminologies and differentiates between responsible parties and operators, which are akin to controllers and processors, respectively.

{{ $store.state.loadingScreen.message }} ...