POPIA prior authorisation applications are open

POPIA prior authorisation applications are open

The POPIA Information Regulator has published guidelines in respect of applications to obtain approval to process certain personal information for which “prior approval” is specifically required in terms of the POPI Act.

In terms of POPIA, responsible parties have to obtain prior authorisation from the Information Regulator to process the following personal information:

  • unique identifiers of data subjects-
    1. for a purpose other than the one for which the identifier was specifically intended at collection; and
    2. with the aim of linking the information together with information processed by other responsible parties.
  • criminal behaviour or on unlawful or objectionable conduct of data subjects on behalf of third parties;
  • credit-reporting;
  • transfer of the special personal information or personal information of children, to a third party in a foreign country that does not provide an adequate level of protection for the processing of personal information; and
  • any other types of information processing by law or regulation, which the Information Regulator may, from time to time, consider to carry a particular risk for the legitimate interests of data subjects.

In the absence of a Code of Conduct having been issued by the Regulator and coming into force in a specific sector or industry in which a business operates, all businesses who are currently processing or plan to process the above-mentioned personal information of data subjects are hereby invited to submit their prior authorisation applications. 

Companies may submit their applications for prior authorisation by completing the application form.