
credible differENS


Our Data Privacy and Protection team includes senior lawyers who have longstanding experience in data privacy law, and we have had representation on the United Nations Global Pulse Data Privacy and AI Expert Group for many years.

Each of our team members is an expert in a very specific area of data privacy law, which enables us to work together to offer robust, practical solutions that cover the key requirements of data privacy law.

For example, we pioneered the Protection of Personal Information Act (POPIA) Toolkit, a comprehensive programme which is a cost-effective way to fast track your continued POPIA compliance and manage risk.

Our African footprint enables us to offer you a seamless service covering the whole of Africa. We specialise in handling and co-ordinating even the most complex in-country, cross-border and multi-jurisdictional requirements quickly, efficiently and with excellence.

One of the many benefits of our continent-wide approach is that, no matter how many countries your project spans, you can always interact with a single point of contact at ENSafrica.


We guide you through your entire data privacy and protection journey, from conducting impact assessments to negotiating agreements to be compliant with data privacy laws, preventing and responding to security compromises, data breaches and cyber-attacks, as well as dealing with all aspects of regulatory enforcement action and civil litigation stemming from breaches of data privacy laws.

We are leaders in assisting clients with data commercialisation requirements, especially regarding navigating the complex myriad of laws affecting the sharing of data and personal information.

We have particularly strong expertise in guiding clients in complex fields such as the acquisition and sharing of databases (both in-country and trans-border), electronic/digital marketing, data privacy in Mergers and Acquisitions transactions, cloud computing, outsourcing and other business transactions.

We provide advice on developing and implementing data privacy compliance programmes. This includes conducting gap analyses (including personal information impact assessments) to understand your processing activities and recommend measures to ensure compliance with the law.
Our Protection of Personal Information Act (POPIA) Toolkit for South Africa includes standard and bespoke data protection and related policies for all entities who want to fast track their POPIA compliance or assist with their ongoing POPIA compliance efforts and mitigate risk.
We regularly advise on data privacy laws, including on how to achieve business objectives in compliance with laws. Our advice includes the application of POPIA, appointment of information officers, obtaining of consent, further processing considerations, classification of operators and responsible parties, reporting security compromises, applications for prior authorisation, direct marketing campaigns and transborder transfers of personal information.
We provide training and advice on your legal obligations when engaging in direct marketing activities, including sending direct marketing communications, how to obtain consent in a practical way, how to manage databases, etc.
We provide comprehensive cyber and data breach advice and assistance, including practical, tailor-made incident response plans, data breach readiness coaching, post-breach services for breach response and mitigation of liability, breach notifications and regulatory investigations. We also provide comprehensive cyber insurance policy coverage advice.
We provide assistance with all aspects pertaining to possible action by Regulators, or civil damages claims and data breach litigation, arising from possible breaches of data protection laws and particularly allegations of non-compliance with POPIA.
We train information officers and deputy information officers on POPIA and the EU General Data Protection Regulation (GDPR), and we also provide general training on POPIA, privacy by design, social media, data breach response, cybersecurity awareness and privacy impact assessments.
We provide advice regarding using big data for commercial purposes, and regarding achieving business objectives while manoeuvring through the complex myriad of laws affecting privacy and security.
Data is indeed the new oil and we provide advice on how to “mine” it lawfully, including the use of privacy policies and data sharing agreements.
We assist with data privacy compliance, including GDPR applicability issues and the structuring and restructuring of client operations to navigate away from the net GDPR application where possible. We also tailor GDPR and other jurisdiction-specific policies for compliance with POPIA.
We regularly engage with the South African Information Regulator, including making representations on behalf of clients in respect of specific compliance elements, providing written responses to draft regulations, guidance notes and guidelines, reporting security compromise incidents, and so on.

“very available and responsive” (Chambers Global Guide)

awards and rankings

ENSafrica is recognised by leading international ranking agencies, including Chambers Global, Legal 500, IFLR1000 and the World Tax Guide, for achieving consistently high standards.

Furthermore, the firm is a regular recipient of regional awards such as DealMakers and has twice received the TMT Team of the Year Award at the African Legal Awards.

“immaculate attention to detail and prompt delivery under tight deadlines” (Chambers Global Guide)

“high quality service and useful, practical advice” (Chambers Global Guide)

“strong expertise in data privacy” (Chambers Global Guide)

“they also take the time to understand the client’s business and tailor their advice accordingly” (Legal 500 EMEA Guide)

“high quality legal analysis” (Legal 500 EMEA Guide)

expertise

Areas of expertise shown in the diagram include: policy reviews; operator agreements; consent requests; record retention; data subject access requests; direct marketing; use of cookies; prior authorisation; codes of conduct; cyber insurance; data breach response; regulator notifications; regulator investigations; privacy by design; training; regulatory enforcement; civil litigation.
experiENS


Data privacy advice provided to major African mining companies, international car manufacturers, various large local and international retail groups, local and international telecommunication service providers, major media companies, investment holding companies, a gaming and entertainment group, local and international logistic and courier companies, international law firms and other organisations. The advice included data privacy compliance programmes, personal information impact assessments and compliance gap analysis, as well as complex data privacy issues such as direct marketing consents, responsible parties versus operators, liability of information officers, prior authorisation and intergroup sharing of data.
Big data advice provided to large telecommunication service providers, major media companies and fintech companies, including all aspects of using big data for commercial purposes and compliance with laws affecting privacy and security.
Data protection advice, including related agreements, policies and procedure documents, provided to major local and international banks, global social media and messenger platform providers, various large retail groups, a telecommunication service provider, major media companies, investment holding companies, and a gaming and entertainment group.
Security breach assistance provided to major retailers, mining companies, banks, technology and telecommunication companies, as well as lifestyle and fitness companies. This included managing and responding to breaches, regulatory investigations, and data / cyber breach notifications to regulators and data subjects.
Acted for a variety of corporate entities against former employees involved in theft of data, and advised on steps to reduce reputational and other damage. This included representing a large corporate in urgent court proceedings to preserve and recover data stolen during a data breach.
Promotion of Access to Information Act (PAIA) and Protection of Personal Information Act (POPIA) advice provided to multinational retailers, international vehicle manufacturers, local and international telecommunication service providers, major media companies, investment holding companies, local and international logistic and courier companies, and large mining companies, regarding requests made to these organisations for information.
Training of staff, management and information officers on POPIA and General Data Protection Regulation (GDPR), including marketing, HR, IT, intergroup data sharing, cross-border data sharing, policy implementation and managing data breach incidents.
Since 2014, ENSafrica has been part of the United Nations Global Pulse Data Privacy and AI Expert Group, a body comprising some of the world’s leading data privacy lawyers, regulators and academics.
Preparation and implementation of comprehensive incident response plans for a multinational oil and gas company, major retailers and a large telecommunication service provider.
Opinions on wording, coverage, reinsurance and interpretation of insurance policies (including cyber coverage wording) for major retailers, an international mining company and a large telecommunication service provider.