Responding to Access and Correction Requests is an important part of protecting personal data under South African privacy laws. When a person wants to see the information an organisation holds about them, or asks to fix mistakes in their data, the organisation must respond correctly and quickly.

Access requests, also called data subject access requests, give individuals the right to know what personal information is collected, stored, or shared by an organisation. Correction requests allow people to ask for their data to be updated or fixed if it is inaccurate, incomplete, or out of date.
It is important to have a clear process in place for handling these requests. This helps build trust and shows respect for people’s privacy rights. The Protection of Personal Information Act (POPIA) says organisations must respond without unreasonable delay, usually within 30 days.
Responding on time is essential. If you need more time due to complexity, inform the requester and explain the delay.
When correcting data, take care to verify the new information before making changes. Inform all other systems or partners who hold the same data to keep records consistent.
Training staff to recognise and handle access and correction requests is also important. Clear guidelines help prevent mistakes and protect personal data.
In summary, responding to access and correction requests shows respect for individual privacy rights and helps comply with POPIA. Organisations must act quickly and carefully, ensuring data is accurate and only shared with the right people.
Live Scenario • Active Situation
You are a Data Privacy Officer at a South African financial firm.
There is no single perfect answer. Choose what you would do in this situation.