This important term covers most activities in relation to personal information. It includes collection, storage, modification, deletion, distribution, publication, even organisation, retrieval and destruction. In short, any type of use of personal information is likely to constitute ‘processing’. A responsible party may only process personal information with the consent of, a data subject.
It is often the case that a third party will need personal information to carry out certain services for data subjects; patients will need to give their healthcare workers their personal information, students will need to give educators their personal information, online buyers will need to provide personal information to purchase goods and services online, and banks will need personal information to open bank accounts and even provide credit facilities. These third parties are called ‘responsible parties’.
There are other third parties that will need to process personal information, however they are not
responsible parties because they are carrying out the processing on behalf of the responsible party. These entities are called ‘operators’. They are not directly affected by the POPI Act unless the responsible party specifically incorporates the requirements of the Act in its contract for services from operators.