This website uses cookies to ensure you get the best experience. If you continue to use this site without changing your cookie settings we assume you consent to the use of cookies on this site.

select an area of expertise

data privacy and protection

print

Strong expertise in data privacy and migration and online payment systems, as well as in the sector's regulatory regime
Chambers Global Guide, 2020

In the age of (big) data being prevalent in virtually every business and most individuals’ day-to-day activities, ENSafrica’s data privacy and protection team are market leaders with unparalleled expertise and experience in providing proactive and reactive solutions for privacy compliance, data commercialisation, data philanthropy and data breach issues.

Compliance with data protection legislation, such as the Protection of Personal Information Act (POPIA) in South Africa and the General Data Protection Regulations (GDPR) in the European Union, has resulted in major risks for businesses, with potential for fines, penalties, reputational loss and even jail time.

Our key differentiator is the proven experience and internationally recognised expertise of our data privacy law experts.

Another differentiator is our ENSafrica POPIA toolkit, a comprehensive compliance programme which gives businesses clear direction on requirements and is a quick and cost-effective way for you to fast track your POPIA compliance and manage risk. Based on South African law requirements and global best practice, including the GDPR, it can be implemented as your Protection of Personal Information Policy and used by your Information Officer to meet  their compliance duties.

We also assist with all aspects of data breach and security compromise management, because a security compromise could have severe operational, reputational and financial consequences for your business.

We have the unique advantage, as part of Africa’s largest law firm, of being able to harness the expertise of more than 600 practitioners throughout the continent. ENSafrica has a significant breadth and depth of experience and specialist expertise that spans all commercial areas of law, tax, forensics and IP.

As such, we regularly partner with specialists across the firm, meaning that we are able to assist with all aspects of all matters across all sectors in all African jurisdictions, ensuring that your legal requirements are handled quickly and seamlessly.

what we offer

Taking into account that POPIA and GDPR both require proactive notification of data breach incidents, as well as requirements from the South African Reserve Bank and Cybercrimes legislation, we provide a holistic approach, focusing on:

  • Compliance (including comprehensive, world-class policies, procedures and contracts)
  • Training in data privacy, cybersecurity and social media
  • Handling of data breaches and security compromises
  • Data security concerns
  • E-mail and data reviews
  • All legal issues pertaining to the commercialisation of data using a myriad of technologies and technological solutions, including cloud computing, data transfers, data donation, artificial intelligence, offering (free) WiFi, the use of cookies, Internet of Things (IoT), devices, data mining, etc.

Our ENSafrica Toolkit covers:

  • Training and support for information officers
  • Training on POPIA and cybersecurity
  • Training and assistance on Privacy by Design
  • Identification and management of high risk areas and transactions (such as cloud computing)
  • Formulation and reviews of policies, such as Acceptable Use, Bring Your Own Device and Computer Security (including cloud security)
  • Questionnaires and templates for impact assessments (privacy and data privacy)
  • Template clauses for employee contracts, operator agreements and consent to marketing
  • POPIA Policy, including a “DOs and DO NOTs” list and policies (Personal Information Sharing, Security Compromises, Subject Access Request, Privacy (for website) and Record Retention)

We assist with data breach and security compromise management:

  • Training and implementing sound security compromises policies (including role identification and training, incident classification, and conducting simulated “fire drill” type security incidents)
  • Privacy Impact Assessments
  • Guidance after a security breach or incident, including steps to mitigate the impact
  • Communication to regulator or relevant authorities such as Reserve Bank and Police, and assistance with regulatory investigations
  • Communication to data subjects
  • Remediation steps

experience

Data privacy
Implementation of data privacy compliance programmes, as well as assistance and advice, at numerous national and multinational corporates, such as ABSA, BMW Group, Broll, City Lodge Hotels, DHL, Discovery Group, First Rand Bank, Mercantile Bank, Nedbank, Parmalat, Pepkor, PPC, Public Investment Corporation, Rand Merchant Bank, Remgro, SASOL, South32, Unilever, Vodacom and VW.
Data protection
Numerous data protection and related policies drafted for various entities, including Cape Union Mart, Deutsche Bank of South Africa, GroBank (South African Bank of Athens), Payments Association of South Africa and Public Investment Corporation (SOC) Ltd.
Data privacy
Data privacy compliance assistance provided to international law firms, for their clients across Africa.
Privacy advice
Provision of advice to the Privacy Advisory Group to the United Nations Global Pulse, a body comprising some of the world’s leading data privacy lawyers, regulators and academics, of which we have been members of since 2014.
Data privacy
Opinions on complex data privacy issues provided to clients such as Absa, Allan Gray, Cash Credit, Commonwealth Bank of Australia, Indox, MoneyGram, Telkom and 3 Way Marketing.
Big data
Provision of assistance to numerous financial services, real estate and fintech clients regarding all aspects of using (big) data for commercial purposes and maneuvering through the complex myriad of laws affecting privacy and security while still achieving business objectives.
Security breaches
Security breach assistance provided to various clients, including dealing with and managing breaches, as well as data breach notifications to regulators.
Training
Provision of Information Officer training, including on POPIA and GDPR.
Data protection
Data protection training for companies such as BMW, Deutsche Bank of South Africa, Discovery Group, Enel Green Power, GroBank (South African Bank of Athens), Investec and Nedbank.
GDPR advice
Provision of assistance to leading financial services providers and multinationals on General Data Protection Regulation (GDPR) applicability issues and (re)structuring of client operations to navigate away from the net GDPR application where possible.