Acts Online
GT Shield

Protection of Personal Information Act, 2013 (Act No. 4 of 2013)

Chapter 3 : Conditions for Lawful Processing of Personal Information

Part A : Processing of personal information in general

Condition 8 : Data subject participation

23. Access to personal information

 

 

(1) A data subject, having provided adequate proof of identity, has the right to—
(a) request a responsible party to confirm, free of charge, whether or not the responsible party holds personal information about the data subject; and
(b) request from a responsible party the record or a description of the personal information about the data subject held by the responsible party, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information—
(i) within a reasonable time;
(ii) at a prescribed fee, if any;
(iii) in a reasonable manner and format; and
(iv) in a form that is generally understandable.

 

(2) If, in response to a request in terms of subsection (1), personal information is communicated to a data subject, the data subject must be advised of the right in terms of section 24 to request the correction of information.

 

(3) If a data subject is required by a responsible party to pay a fee for services provided to the data subject in terms of subsection (1)(b) to enable the responsible party to respond to a request, the responsible party—
(a) must give the applicant a written estimate of the fee before providing the services; and
(b) may require the applicant to pay a deposit for all or part of the fee.

 

(4)

(a) A responsible party may or must refuse, as the case may be, to disclose any information requested in terms of subsection (1) to which the grounds for refusal of access to records set out in the applicable sections of Chapter 4 of Part 2 and Chapter 4 of Part 3 of the Promotion of Access to Information Act apply.
(b) The provisions of sections 30 and 61 of the Promotion of Access to Information Act are applicable in respect of access to health or other records.

 

(5) If a request for access to personal information is made to a responsible party and part of that information may or must be refused in terms of subsection (4)(a), every other part must be disclosed.