Tel: +27(0)861 26 26 24

What constitutes the lawful conditions for processing personal data?


POPIA defines eight conditions entities must adhere to when processing personal information throughout its lifecycle and throughout the entire organization. In brief, they are:

·      Accountability – ensure compliance in respect of all the personal information within your control;

·       Lawfulness – only collect personal information if it is adequate and non-excessive. You must have a legally justifiable reason for collecting personal information. Where possible, you must collect personal information directly from the data subject;

·       Purpose Specification – only collect personal information for a specific purpose, and you must not store it for longer than necessary to meet that purpose;

·       Further Processing Limitation – you may only process personal information for further purposes if they are compatible with the reason you collected it;

·       Information Quality – you must ensure the personal information you maintain is accurate and complete;

·       Openness – be transparent about how you provide personal information and provide consumers with a notice about how and why you process their personal information;

·       Security Safeguards – take reasonable steps to secure the personal information in your control, and you must report any data breaches as soon as reasonably possible;

·       Data Subject Participation – allow data subjects to access their personal information and correct or erase any inaccurate personal information.

POPIA places a general prohibition on the processing of particularly special personal information, but it is allowed to be processed on the following grounds:

·       with the consent of the data subject
·       to exercise or defend your legal rights or obligations
·       to comply with an obligation under international public law
·       for historical, statistical, or research purposes in the public interest
·       where the information has been made public by the data subject

B-Logic has developed a governance framework to assist mid-size enterprises to gauge the maturity of their IT organization, and in accordance develop an IT strategy to ensure stakeholder value. With a core focus on POPIA compliance, it enables organizations to ensure that it has the necessary framework consisting of processes, policies, technologies, and controls to govern the complexities of the legislation and overall IT good governance.

For more information, reach out to us at or contact your Service Manager.