scroll button
scroll to top
ENS icon

credible difference

We are legal experts in data privacy and data protection in Africa, with deep specialisation in cybersecurity and data breach response, as well as the Protection of Personal Information Act (POPIA), the Promotion of Access to Information Act (PAIA) and the General Data Protection Regulation (GDPR). We are honoured to be part of the United Nations Global Pulse Data Privacy and AI Expert Group.


diagram diagram

Each of our team members is an expert in a very specific area of data privacy law, which enables us to work together to offer robust, practical solutions that cover the key requirements of data privacy law.

For example, we pioneered the Protection of Personal Information (POPIA) Toolkit, a comprehensive programme which is a cost-effective way to fast track your continued POPIA compliance and manage risk.

Multi-jurisdictional businesses face significant risks, as well as the challenge of complying with vastly different laws and regulations.

We are Africa’s largest law firm, with offices in Eastern, Southern and Western Africa.

With more than 600 specialist practitioners, we have deep expertise and the capacity to solve all your legal, tax, forensics and IP requirements, and help you navigate regulatory hurdles, no matter where in Africa you do business.

Because we have had many years of practical experience working on the ground throughout the continent, we have developed a proven track record and a solid understanding of local cultural, commercial and geopolitical contexts, as well as long-standing partnerships with trusted firms with whom we work.


We guide you through your entire data privacy and protection journey, from conducting impact assessments to negotiating agreements to be compliant with data privacy laws, preventing and responding to security compromises, data breaches and cyber-attacks, as well as dealing with all aspects of regulatory enforcement action and civil litigation stemming from breaches of data privacy laws.

We are leaders in assisting clients with data commercialisation requirements, especially regarding navigating the complex myriad of laws affecting the sharing of data and personal information.

We have particularly strong expertise in guiding clients in complex fields such as the acquisition and sharing of databases (both in-country and trans-border), electronic/digital marketing, data privacy in Mergers and Acquisitions transactions, cloud computing, outsourcing and other business transactions.

We provide advice on developing and implementing data privacy compliance programmes. This includes conducting gap analyses (including personal information impact assessments) to understand your processing activities and recommend measures to ensure compliance with the law.
Our Protection of Personal Information Act (POPIA) Toolkit for South Africa includes standard and bespoke data protection and related policies for all entities who want to fast track their POPIA compliance or assist with their ongoing POPIA compliance efforts and mitigate risk.
We regularly advise on data privacy laws, including on how to achieve business objectives in compliance with laws. Our advice includes the application of POPIA, appointment of information officers, obtaining of consent, further processing considerations, classification of operators and responsible parties, reporting security compromises, applications for prior authorisation, direct marketing campaigns and transborder transfers of personal information.
We provide training and advice on your legal obligations when engaging in direct marketing activities, including sending direct marketing communications, how to obtain consent in a practical way, how to manage databases, etc.
We provide comprehensive cyber and data breach advice and assistance, including practical, tailor-made incident response plans, data breach readiness coaching, post-breach services for breach response and mitigation of liability, breach notifications and regulatory investigations. We also provide comprehensive cyber insurance policy coverage advice.
We provide assistance with all aspects pertaining to possible action by Regulators, or civil damages claims and data breach litigation, arising from possible breaches of data protection laws and particularly allegations of non-compliance with POPIA.
We train information officers and deputy information officers on POPIA and the EU General Data Protection Regulation (GDPR), and we also provide general training on POPIA, privacy by design, social media, data breach response, cybersecurity awareness and privacy impact assessments.
We provide advice regarding using big data for commercial purposes, and regarding achieving business objectives while manoeuvring through the complex myriad of laws affecting privacy and security.
Data is indeed the new oil and we provide advice on how to “mine” it lawfully, including the use of privacy policies and data sharing agreements.
We assist with data privacy compliance, including GDPR applicability issues and the structuring and restructuring of client operations to navigate away from the net GDPR application where possible. We also tailor GDPR and other jurisdiction-specific policies for compliance with POPIA.
We regularly engage with the South African Information Regulator, including making representations on behalf of clients in respect of specific compliance elements, providing written responses to draft regulations, guidance notes and guidelines, reporting security compromise incidents, and so on.
ENS professionals are easily accessible
Chambers Global Guide
icon: team


icon: awards

awards and rankings

ENS is recognised by leading international ranking agencies, including Chambers Global, Legal 500, IFLR1000 and the World Tax Guide, for achieving consistently high standards.

Furthermore, the firm is a regular recipient of regional awards such as DealMakers and has twice received the TMT Team of the Year Award at the African Legal Awards.

Chambers GlobalLegal 500IFLR1000Dealmaker Awards
pull quote
strong expertise in data privacy and migration and online payment systems, as well as in the sector's regulatory regime
Chambers Global Guide
pull quote
pull quote
their lawyers are of the highest standard
Chambers FinTech Guide
pull quote
pull quote
they give us impeccable guidance we trust
Chambers Global Guide
pull quote
pull quote
innovative legal results on a consistently high level
Chambers Global Guide
pull quote
pull quote
a strong presence across the continent
Chambers FinTech Guide
pull quote
icon: expertise


Data privacy 
Policies and 
Policy reviews Operator agreements Consent requests Joint data 
processing contracts
sharing agreements
data transfer
corporate rules
Record retention Data subject 
access request
Privacy impact 
Direct marketing Use of cookies Data breach 
data transfers
Prior authorisation Codes of conduct Cyber insurance 
and security
Data breach response Data 
Regulator notifications Regulator investigations Privacy by design Training Regulatory enforcement Civil litigation
icon: experience icon: experience


Data privacy advice provided to major African mining companies, international car manufacturers, various large local and international retail groups, local and international telecommunication service providers, major media companies, investment holding companies, a gaming and entertainment group, local and international logistic and courier companies, international law firms and other organisations. The advice included data privacy compliance programmes, personal information impact assessments and compliance gap analysis, as well as complex data privacy issues such as direct marketing consents, responsible parties versus operators, liability of information officers, prior authorisation and intergroup sharing of data.
Big data advice provided to large telecommunication service providers, major media companies and fintech companies, including all aspects of using big data for commercial purposes and compliance with laws affecting privacy and security.
Data protection advice, including related agreements, policies and procedure documents, provided to major local and international banks, global social media and messenger platform providers, various large retail groups, a telecommunication service provider, major media companies, investment holding companies, and a gaming and entertainment group.
Security breach assistance provided to major retailers, mining companies, banks, technology and telecommunication companies, as well as lifestyle and fitness companies. This included managing and responding to breaches, regulatory investigations, and data / cyber breach notifications to regulators and data subjects.
Acted for a variety of corporate entities against former employees involved in theft of data, and advised on steps to reduce reputational and other damage. This included representing a large corporate in urgent court proceedings to preserve and recover data stolen during a data breach.
Promotion of Access to Information Act (PAIA) and Protection of Personal Information Act (POPIA) advice provided to multinational retailers, international vehicle manufacturers, local and international telecommunication service providers, major media companies, investment holding companies, local and international logistic and courier companies, and large mining companies, regarding requests made to these organisations for information.
Training of staff, management and information officers on POPIA and General Data Protection Regulation (GDPR), including marketing, HR, IT, intergroup data sharing, cross-border data sharing, policy implementation and managing data breach incidents.
Since 2014, ENS has been part of the United Nations Global Pulse Data Privacy and AI Expert Group, a body comprising some of the world’s leading data privacy lawyers, regulators and academics.
Preparation and implementation of comprehensive incident response plans for a multinational oil and gas company, major retailers and a large telecommunication service provider.
Opinions on wording, coverage, reinsurance and interpretation of insurance policies (including cyber coverage wording) for major retailers, an international mining company and a large telecommunication service provider.
icon: news