Once you no longer have a right to hold onto the file, you must “destroy or delete…or de-identify” the record as soon as practical. The process should render the data irretrievable.Condition : Further Processing LimitationConditions and aren’t the only processing limitations. Condition – Further Processing Limitation – continues to elaborate on how you can and can’t process data.
The main point noted here says
That you must only process data in ways compatible with the purpose you stated.How do you know if you can process data further? POPI requires you to consider the relationship between further processing and the original purpose, the nature of the information, potential consequences of further processing, how you collected the data, and any contractual rights.
You can always further process data if
The data subject consentedThe information came from the public recordThe law requires further processingThe processing is related to national securityCondition : Information QualityCondition says that you must take steps to ensure the data you collect and subsequently process is accurate and complete.Condition : OpennessOpenness refers to your responsibility under the Promotion of Access to Information Act.
Essentially, you must maintain strict
Documentation of all the processing activities you undertake Netherlands Telegram Data Additionally, you need to let data subjects know when you collect information. They should know:Where you collect informationWhere you don’t collect informationThe source of your informationYour company’s name and addressWhy you collect the data your purposeWhether the collection is voluntary or mandatoryWhat happens if the data subject doesn’t provide their dataLaws that allow data collectionIf and when you intend to send the data to a third countryThese must all be shared before you collect information from the data subject.
Condition requires you to have
A Privacy Policy that shares your data processing practices in detail WhatsApp Material Condition : Security SafeguardsCondition details the security measures POPI requires for personal information.It says that the responsible party must employ “appropriate, reasonable technical and organizational measures” designed to prevent both unlawful access and the loss or damage of the personal information.
To meet these obligations
You must perform a risk assessment test, ensure the maintenance of EG Lists safeguards, verify the effectiveness of the safeguards, and ensure new updates are provided to prevent new deficiencies or risks.The law also says that anyone processing personal information must also only first gain the knowledge of authorization of the responsible party and consider the information to be confidential.