Personal information is widely defined and includes almost all information about a living, identifiable person (and where applicable juristic persons), including race, gender, pregnancy, marital status, medical history, contact details, biometric information, their personal opinions amongst other information (note for POPIA purposes, personal information about a deceased person is not personal information). It does not include de-identified information.
Processing is also widely defined and includes almost anything one does with personal information, including, receiving or collecting it, storing it (electronically or physically), filing it, or destroying it.
A record means any recorded information regardless of the form in which it is recorded. So a record includes electronic and paper information, x-rays, photos, labels, drawings, graphs, maps, etc which is in the possession of the responsible party (whether or not they created it).
A responsible party means the person who determines the purpose and means for processing information. In the retirement funds context, it will be mainly retirement funds (and employers) that are responsible parties. Their service providers, such as administrators and consultants will be operators. Operators process information for, or on behalf of, responsible parties. As an example, a retirement fund determines how its operators will process the personal information of the fund’s members (and others). Thus, the fund enters into an administration agreement with the administrator determining the purposes for which that administrator will process personal information on its behalf.