data privacy and protection
In an age where (big) data is prevalent in virtually every business and in most individuals’ day-to-day activities, ENSafrica’s data privacy and protection team are market leaders with unparalleled expertise and experience in providing proactive and reactive solutions for privacy compliance, data commercialisation, data philanthropy and data breach issues.
Compliance with data protection legislation, such as the Protection of Personal Information Act (POPIA) in South Africa and the General Data Protection Regulation (GDPR) in the European Union, has resulted in major risks for businesses, with potential for fines, penalties, reputational loss and even jail time.
Our key differentiator is the proven experience and internationally recognised expertise of our data privacy law experts.
Another differentiator is our ENSafrica POPIA toolkit, a comprehensive compliance programme which gives businesses clear direction on requirements and is a quick and cost-effective way for you to fast track your POPIA compliance and manage risk. Based on South African law requirements and global best practice, including the GDPR, it can be implemented as your Protection of Personal Information Policy and used by your Information Officer to meet their compliance duties.
We also assist with all aspects of data breach and security compromise management, because a security compromise could have severe operational, reputational and financial consequences for your business.
We have the unique advantage, as part of Africa’s largest law firm, of being able to harness the expertise of more than 600 practitioners throughout the continent. ENSafrica has a significant breadth and depth of experience and specialist expertise that spans all commercial areas of law, tax, forensics and IP.
As such, we regularly partner with specialists across the firm, meaning that we are able to assist with all aspects of all matters across all sectors in all African jurisdictions, ensuring that your legal requirements are handled quickly and seamlessly.
what we offer
Taking into account that POPIA and GDPR both require proactive notification of data breach incidents, as well as requirements from the South African Reserve Bank and Cybercrimes legislation, we provide a holistic approach, focusing on:
- Compliance (including comprehensive, world-class policies, procedures and contracts)
- Training in data privacy, cybersecurity and social media
- Handling of data breaches and security compromises
- Data security concerns
- E-mail and data reviews
Our ENSafrica Toolkit covers:
- Training and support for information officers
- Training on POPIA and cybersecurity
- Training and assistance on Privacy by Design
- Identification and management of high risk areas and transactions (such as cloud computing)
- Formulation and reviews of policies, such as Acceptable Use, Bring Your Own Device and Computer Security (including cloud security)
- Questionnaires and templates for impact assessments (privacy and data privacy)
- Template clauses for employee contracts, operator agreements and consent to marketing
- POPIA Policy, including a “DOs and DO NOTs” list and policies (Personal Information Sharing, Security Compromises, Subject Access Request, Privacy (for website) and Record Retention)
We assist with data breach and security compromise management:
- Training on and implementing sound security compromise policies (including role identification and training, incident classification, and conducting simulated “fire drill” type security incidents)
- Privacy Impact Assessments
- Guidance after a security breach or incident, including steps to mitigate the impact
- Communication to the regulator or relevant authorities, such as the Reserve Bank and Police, and assistance with regulatory investigations
- Communication to data subjects
- Remediation steps