In the age of (big) data being prevalent in virtually every business and most individuals’ day-to-day activities, ENSafrica’s data privacy and protection team are market leaders with unparalleled expertise and experience in providing proactive and reactive solutions for privacy compliance, data commercialisation, data philanthropy and data breach issues.

Compliance with data protection legislation, such as the Protection of Personal Information Act (POPIA) in South Africa and the General Data Protection Regulations (GDPR) in the European Union, has resulted in major risks for businesses, with potential for fines, penalties, reputational loss and even jail time.

Our key differentiator is the proven experience and internationally recognised expertise of our data privacy law experts.

Another differentiator is our ENSafrica POPIA Toolkit, a comprehensive compliance programme which gives businesses clear direction on requirements and is a quick and cost-effective way for you to fast track your POPIA compliance and manage risk.

Over 200 years experience Over 600 practitioners 12 offices in 7 countries

Based on South African law requirements and global best practice, including the GDPR, it can be implemented as your Protection of Personal Information Policy and used by your Information Officer to meet their compliance duties.

We also assist with all aspects of data breach and security compromise management, because a security compromise could have severe operational, reputational and financial consequences for your business.

ENSafrica is recognised by top ranking agencies for achieving consistently high standards when working on the continent.

As Africa’s largest law firm with over 600 specialist practitioners, ENSafrica has the capacity to deliver on your business requirements across all major industries and the continent. We are able to leverage our resources to suit your pricing preferences and deliver within your timeframes.

strong expertise in data privacy and migration and online payment systems, as well as in the sector's regulatory regime
Chambers Global

what we offer

Taking into account that POPIA and GDPR both require proactive notification of data breach incidents, as well as requirements from the South African Reserve Bank and Cybercrimes legislation, we provide a holistic approach, focusing on:

  • Compliance (including comprehensive, world-class policies, procedures and contracts)
  • Training in data privacy, cybersecurity and social media
  • Handling of data breaches and security compromises
  • Data security concerns
  • E-mail and data reviews
  • All legal issues pertaining to the commercialisation of data using a myriad of technologies and technological solutions, including cloud computing, data transfers, data donation, artificial intelligence, offering (free) WiFi, the use of cookies, Internet of Things (IoT), devices, data mining, etc.

Our ENSafrica Toolkit covers:

  • Training and support for Information Officers
  • Training on POPIA and cybersecurity
  • Training and assistance on Privacy by Design
  • Identification and management of high risk areas and transactions (such as cloud computing)
  • Formulation and reviews of policies, such as Acceptable Use, Bring Your Own Device and Computer Security (including cloud security)
  • Questionnaires and templates for impact assessments (privacy and data privacy)
  • Template clauses for employee contracts, operator agreements and consent to marketing
  • POPIA Policy, including a “DOs and DO NOTs” list and policies (Personal Information Sharing, Security Compromises, Subject Access Request, Privacy (for website) and Record Retention)

We assist with data breach and security compromise management:

  • Training and implementing sound security compromises policies (including role identification and training, incident classification, and conducting simulated “fire drill” type security incidents)
  • Privacy Impact Assessments
  • Guidance after a security breach or incident, including steps to mitigate the impact
  • Communication to regulator or relevant authorities such as Reserve Bank and Police, and assistance with regulatory investigations
  • Communication to data subjects
  • Remediation steps
pull qote
they completely understand our business and industry as a whole, which makes dealing with them seamless and efficient
Chambers Global
Pull quote
Pull quote
they are excellent lawyers
Chambers FinTech
Pull quote
Pull quote
they are very knowledgeable and give thorough opinions, opinions you know you can trust
Chambers FinTech
Pull quote


Data privacy
Implementation of data privacy compliance programmes, as well as assistance and advice, at numerous national and multinational corporates, such as Absa, BMW Group, Broll, City Lodge Hotels, DHL, Discovery Group, First Rand Bank, Mercantile Bank, Nedbank, Parmalat, Pepkor, PPC, Public Investment Corporation, Rand Merchant Bank, Remgro, SASOL, South32, Unilever, Vodacom and VW.
Big data
Provision of assistance to numerous financial services, real estate and fintech clients regarding all aspects of using (big) data for commercial purposes and maneuvering through the complex myriad of laws affecting privacy and security while still achieving business objectives.
Data protection
Numerous data protection and related policies drafted for various entities, including Cape Union Mart, Deutsche Bank of South Africa, GroBank (South African Bank of Athens), Payments Association of South Africa and Public Investment Corporation (SOC) Ltd.
Security breaches
Security breach assistance provided to various clients, including dealing with and managing breaches, as well as data breach notifications to regulators.
Data privacy
Data privacy compliance assistance provided to international law firms, for their clients across Africa.
Provision of Information Officer training, including on POPIA and GDPR.
Privacy advice
Provision of advice to the Privacy Advisory Group to the United Nations Global Pulse, a body comprising of some of the world’s leading data privacy lawyers, regulators and academics, which we have been members of since 2014.
Data protection
Data protection training for companies such as BMW, Deutsche Bank of South Africa, Discovery Group, Enel Green Power, GroBank (South African Bank of Athens), Investec and Nedbank.
Data privacy
Opinions on complex data privacy issues provided to clients such as Absa, Allan Gray, Cash Credit, Commonwealth Bank of Australia, Indox, MoneyGram, Telkom and 3 Way Marketing.
GDPR advice
Provision of assistance to leading financial services providers and multinationals on General Data Protection Regulation (GDPR) applicability issues and (re)structuring of client operations to navigate away from the net GDPR application where possible.
I feel very very confident that we are working with the brightest minds
Chambers FinTech




African regulatory and business intelligence
banking and finance
Broad-based black economic empowerment (B-BBEE)
corporate commercial
dispute resolution
insolvency, business rescue and debt recovery
intellectual property (IP)
mine and occupational health and safety
private clients
private equity
pro bono and corporate social investment
project development and project finance
real estate / property
shipping, ports and logistics
technology, media and telecommunications