data privacy and protection


strong expertise in data privacy and migration and online payment systems, as well as in the sector's regulatory regime
Chambers Global

In the age of (big) data being prevalent in virtually every business and most individuals’ day-to-day activities, ENSafrica’s data privacy and protection team are market leaders with unparalleled expertise and experience in providing proactive and reactive solutions for privacy compliance, data commercialisation, data philanthropy and data breach issues.

Compliance obligations under data protection legislation, such as the Protection of Personal Information Act (POPIA) in South Africa and the General Data Protection Regulation (GDPR) in the European Union, have resulted in major risks for businesses, with the potential for fines, penalties, reputational loss and even jail time.

Our key differentiator is the proven experience and internationally recognised expertise of our data privacy law experts.

Another differentiator is our ENSafrica POPIA Toolkit, a comprehensive compliance programme which gives businesses clear direction on requirements and is a quick and cost-effective way for you to fast-track your POPIA compliance and manage risk. Based on South African law requirements and global best practice, including the GDPR, it can be implemented as your Protection of Personal Information Policy and used by your Information Officer to meet their compliance duties.

We also assist with all aspects of data breach and security compromise management, because a security compromise could have severe operational, reputational and financial consequences for your business.

ENSafrica is recognised by top ranking agencies for achieving consistently high standards when working on the continent.

As Africa’s largest law firm with over 600 specialist practitioners, ENSafrica has the capacity to deliver on your business requirements across all major industries and the continent. We are able to leverage our resources to suit your pricing preferences and deliver within your timeframes.

what we offer

Taking into account that POPIA and GDPR both require proactive notification of data breach incidents, as well as requirements from the South African Reserve Bank and Cybercrimes legislation, we provide a holistic approach, focusing on:

  • Compliance (including comprehensive, world-class policies, procedures and contracts)
  • Training in data privacy, cybersecurity and social media
  • Handling of data breaches and security compromises
  • Data security concerns
  • E-mail and data reviews
  • All legal issues pertaining to the commercialisation of data using a myriad of technologies and technological solutions, including cloud computing, data transfers, data donation, artificial intelligence, offering (free) WiFi, the use of cookies, Internet of Things (IoT) devices, data mining, etc.

Our ENSafrica Toolkit covers:

  • Training and support for Information Officers
  • Training on POPIA and cybersecurity
  • Training and assistance on Privacy by Design
  • Identification and management of high risk areas and transactions (such as cloud computing)
  • Formulation and reviews of policies, such as Acceptable Use, Bring Your Own Device and Computer Security (including cloud security)
  • Questionnaires and templates for impact assessments (privacy and data privacy)
  • Template clauses for employee contracts, operator agreements and consent to marketing
  • POPIA Policy, including a “DOs and DO NOTs” list and policies (Personal Information Sharing, Security Compromises, Subject Access Request, Privacy (for website) and Record Retention)

We assist with data breach and security compromise management:

  • Training on and implementing sound security compromise policies (including role identification and training, incident classification, and conducting simulated “fire drill” type security incidents)
  • Privacy Impact Assessments
  • Guidance after a security breach or incident, including steps to mitigate the impact
  • Communication to the regulator or relevant authorities, such as the Reserve Bank and the police, and assistance with regulatory investigations
  • Communication to data subjects
  • Remediation steps