Fluid Attacks Database

POPIA

Last updated: 2023/09/18

South Africa's Protection of Personal Information Act (POPIA) aims to promote the protection of personal information processed by public and private bodies and to introduce certain conditions so as to establish minimum requirements for the processing of personal information. The version used in this section is POPIA 2021.

Control-Requirement Mapping

Definition	Requirements
3A_11. Processing of personal information in general – Consent, justification and objection	310. Request user consent
3A_13. Purpose specification - Collection for specific purpose	189. Specify the purpose of data collection
3A_14. Purpose specification - Retention and restriction of records	360. Remove unnecessary sensitive information
3A_15. Further processing to be compatible with purpose of collection	315. Provide processed data information
3A_16. Quality of information	062. Define standard configurations
3A_18. Notification to data subject when collecting personal information	315. Provide processed data information
3A_19. Security measures on integrity and confidentiality of personal information	176. Restrict system objects 185. Encrypt sensitive information 229. Request access credentials 264. Request authentication 062. Define standard configurations
3A_21. Security measures regarding information processed by operator	161. Define secure default options 262. Verify third-party components
3A_23. Access to personal information	122. Validate credential ownership 228. Authenticate using standard protocols 229. Request access credentials 264. Request authentication
3A_24. Correction of personal information	316. Allow rectification requests
9_72. Transfers of personal information outside Republic	153. Out of band transactions 176. Restrict system objects 181. Transmit data using secure protocols 024. Transfer information using session objects 030. Avoid object reutilization

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.