Skip to main content




South Africa's Protection of Personal Information Act (POPIA) aims to promote the protection of personal information processed by public and private bodies and to introduce certain conditions so as to establish minimum requirements for the processing of personal information. The version used in this section is POPIA 2021.


3A_11. Processing of personal information in general – Consent, justification and objection
310. Request user consent
3A_13. Purpose specification - Collection for specific purpose
189. Specify the purpose of data collection
3A_14. Purpose specification - Retention and restriction of records
360. Remove unnecessary sensitive information
3A_15. Further processing to be compatible with purpose of collection
315. Provide processed data information
3A_16. Quality of information
062. Define standard configurations
3A_18. Notification to data subject when collecting personal information
315. Provide processed data information
3A_19. Security measures on integrity and confidentiality of personal information
062. Define standard configurations
176. Restrict system objects
185. Encrypt sensitive information
229. Request access credentials
264. Request authentication
3A_21. Security measures regarding information processed by operator
161. Define secure default options
262. Verify third-party components
3A_23. Access to personal information
122. Validate credential ownership
228. Authenticate using standard protocols
229. Request access credentials
264. Request authentication
3A_24. Correction of personal information
316. Allow rectification requests
9_72. Transfers of personal information outside Republic
024. Transfer information using session objects
030. Avoid object reutilization
153. Out of band transactions
176. Restrict system objects
181. Transmit data using secure protocols
free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.