Acts Online
GT Shield

Protection of Personal Information Act, 2013 (Act No. 4 of 2013)

Chapter 10 : Enforcement

89. Assessment



(1) The Regulator, on its own initiative, or at the request by or on behalf of the responsible party, data subject or any other person must make an assessment in the prescribed manner of whether an instance of processing of personal information complies with the provisions of this Act.


(2) The Regulator must make the assessment if it appears to be appropriate, unless, where the assessment is made on request, the Regulator has not been supplied with such information as it may reasonably require in order to—
(a) satisfy itself as to the identity of the person making the request; and
(b) enable it to identify the action in question.


(3) The matters to which the Regulator may have regard in determining whether it is appropriate to make an assessment include—
(a) the extent to which the request appears to it to raise a matter of substance;
(b) any undue delay in making the request; and
(c) whether or not the person making the request is entitled to make an application in terms of section 23 or 24 in respect of the personal information in question.


(4) If the Regulator has received a request under this section it must notify the requester—
(a) whether it has made an assessment as a result of the request; and
(b) to the extent that it considers appropriate, having regard in particular to any exemption which has been granted by the Regulator in terms of section 37 from section 23 or 24 applying in relation to the personal information concerned, of any view formed or action taken as a result of the request.