All RE5 questions
POPIA Data Protection
In handling client personal information, an FSP acts as a 'responsible party' under POPIA. Which statement reflects a core POPIA obligation?
RE5 practice question with a worked answer. This is one of hundreds of FSCA RE5 questions in the RegulatoryExams question bank.
- a) Personal information must be processed lawfully, for a specific defined purpose, and kept secure.Correct
- b) Client data may be sold to any third party as long as it generates revenue.
- c) Consent is never required because financial services are exempt from POPIA.
- d) Personal information may be retained forever for any future marketing idea.
Why this is the answer
POPIA requires lawful, purpose-specific processing, data minimisation, security safeguards, and (often) consent. FSPs are not exempt; selling data freely or keeping it indefinitely for undefined purposes breaches the conditions for lawful processing.
Want to test yourself on 700+ more questions like this?
Start your free RE5 simulator today — timed mock exams, full answer explanations and cloud-synced progress tracking.