What is a data subject?

To gain an understanding of who a data subject is in the Protection of Personal Information (POPI) Act, one would find it defined as the person to whom the personal information relates. This definition does not give us any insights into who typically data subjects are in practice. Insights about this can be found in the definition of personal information where it starts by stating the following:

‘‘personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person ….

Here we see for the first time the grouping of data subjects into two key types: a living natural person, and an existing juristic person.

“A living natural person” implies that if the person has died their personal information no longer falls within the scope of the POPI Act.

“An existing juristic person” means a legal entity that has not ceased to exist. Once again by implication, if the juristic person ceases to exist its personal information no longer falls within the scope of the POPI Act.

There is no definition of a Juristic Person in the Act. A common definition is a social entity, a community or an association of people which has an independent right of existence under the law. It is sometimes referred to as an artificial person. Simple examples include a corporation, partnership or cooperative.

The simplest and most obvious categorisation of data subjects for business purposes would be in the context of the different types of people, natural or juristic, that a company works with. These types of people are clients, suppliers and staff.

One of the reasons the legislation is so pervasive is that virtually every company has these three types of data subjects to varying degrees which means they are all impacted by POPI in one way or another.

Further terminology and definitions will be covered in future articles by TOSMS.