Acts Online
GT Shield

Protection of Personal Information Act, 2013 (Act No. 4 of 2013)

Chapter 3 : Conditions for Lawful Processing of Personal Information

Part A : Processing of personal information in general

Condition 8 : Data subject participation

24. Correction of personal information

 

 

(1) A data subject may, in the prescribed manner, request a responsible party to—
(a) correct or delete personal information about the data subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or
(b) destroy or delete a record of personal information about the data subject that the responsible party is no longer authorised to retain in terms of section 14.

 

(2) On receipt of a request in terms of subsection (1) a responsible party must, as soon as reasonably practicable—
(a) correct the information;
(b) destroy or delete the information;
(c) provide the data subject, to his or her satisfaction, with credible evidence in support of the information; or
(d) where agreement cannot be reached between the responsible party and the data subject, and if the data subject so requests, take such steps as are reasonable in the circumstances, to attach to the information in such a manner that it will always be read with the information, an indication that a correction of the information has been requested but has not been made.

 

(3) If the responsible party has taken steps under subsection (2) that result in a change to the information and the changed information has an impact on decisions that have been or will be taken in respect of the data subject in question, the responsible party must, if reasonably practicable, inform each person or body or responsible party to whom the personal information has been disclosed of those steps.

 

(4) The responsible party must notify a data subject, who has made a request in terms of subsection (1), of the action taken as a result of the request.