ENSafrica Data Privacy and Protection

strong expertise in data privacy and migration and online payment systems, as well as in the sector’s regulatory regime Chambers Global

In the age of (big) data being prevalent in virtually every business and most individuals’ day-to-day activities, ENSafrica’s data privacy and protection team are market leaders with unparalleled expertise and experience in providing proactive and reactive solutions for privacy compliance, data commercialisation, data philanthropy and data breach issues.

Compliance with data protection legislation, such as the Protection of Personal Information Act (POPIA) in South Africa and the General Data Protection Regulations (GDPR) in the European Union, has resulted in major risks for businesses, with potential for fines, penalties, reputational loss and even jail time.

Our key differentiator is the proven experience and internationally recognised expertise of our data privacy law experts.

Another differentiator is our ENSafrica POPIA toolkit, a comprehensive compliance programme which gives businesses clear direction on requirements and is a quick and cost-effective way for you to fast track your POPIA compliance and manage risk. Based on South African law requirements and global best practice, including the GDPR, it can be implemented as your Protection of Personal Information Policy and used by your Information Officer to meet their compliance duties.

We also assist with all aspects of data breach and security compromise management, because a security compromise could have severe operational, reputational and financial consequences for your business.

ENSafrica is recognised by top ranking agencies for achieving consistently high standards.

As Africa’s largest law firm with over 600 specialist practitioners, we have the capacity to deliver on your business requirements across industries and the continent. We are able to leverage our resources to suit your pricing preferences and deliver within your timeframes.

Taking into account that POPIA and GDPR both require proactive notification of data breach incidents, as well as requirements from the South African Reserve Bank and Cybercrimes legislation, we provide a holistic approach, focusing on:

• Compliance (including comprehensive, world-class policies, procedures and contracts)• Training in data privacy, cybersecurity and social media• Handling of data breaches and security compromises• Data security concerns• E-mail and data reviews• All legal issues pertaining to the commercialisation of data using a myriad of technologies and

technological solutions, including cloud computing, data transfers, data donation, artificial intelligence, offering (free) WiFi, the use of cookies, Internet of Things (IoT), devices, data mining, etc.

Our ENSafrica Toolkit covers:• Training and support for Information Officers• Training on POPIA and cybersecurity• Training and assistance on Privacy by Design• Identification and management of high risk areas and transactions (such as cloud computing)• Formulation and reviews of policies, such as Acceptable Use, Bring Your Own Device and Computer

Security (including cloud security)• Questionnaires and templates for impact assessments (privacy and data privacy)• Template clauses for employee contracts, operator agreements and consent to marketing• POPIA Policy, including a “DOs and DO NOTs” list and policies (Personal Information Sharing,

Security Compromises, Subject Access Request, Privacy (for website) and Record Retention)

We assist with data breach and security compromise management:• Training and implementing sound security compromises policies (including role identification and

training, incident classification, and conducting simulated “fire drill” type security incidents)• Privacy Impact Assessments• Guidance after a security breach or incident, including steps to mitigate the impact• Communication to regulator or relevant authorities such as Reserve Bank and Police, and assistance

with regulatory investigations• Communication to data subjects• Remediation steps

they completely understand our business and industry as a whole, which makes dealing with them seamless and efficient Chambers Global

they are excellent lawyers Chambers FinTech

they are very knowledgeable and give thorough opinions, opinions you know you can trust Chambers FinTech

DATA PRIVACYImplementation of data privacy compliance programmes, as well as assistance and advice, at numerous national and multinational corporates, such as Absa, BMW Group, Broll, City Lodge Hotels, DHL, Discovery Group, First Rand Bank, Mercantile Bank, Nedbank, Parmalat, Pepkor, PPC, Public Investment Corporation, Rand Merchant Bank, Remgro, SASOL, South32, Unilever, Vodacom and VW.

BIG DATAProvision of assistance to numerous financial services, real estate and fintech clients regarding all aspects of using (big) data for commercial purposes and maneuvering through the complex myriad of laws affecting privacy and security while still achieving business objectives.

DATA PROTECTIONNumerous data protection and related policies drafted for various entities, including Cape Union Mart, Deutsche Bank of South Africa, GroBank (South African Bank of Athens), Payments Association of South Africa and Public Investment Corporation (SOC) Ltd.

SECURITY BREACHESSecurity breach assistance provided to various clients, including dealing with and managing breaches, as well as data breach notifications to regulators.

DATA PRIVACYData privacy compliance assistance provided to international law firms, for their clients across Africa.

TRAININGProvision of Information Officer training, including on POPIA and GDPR.

PRIVACY ADVICEProvision of advice to the Privacy Advisory Group to the United Nations Global Pulse, a body comprising some of the world’s leading data privacy lawyers, regulators and academics, of which we have been members since 2014.

DATA PROTECTIONData protection training for companies such as BMW, Deutsche Bank of South Africa, Discovery Group, Enel Green Power, GroBank (South African Bank of Athens), Investec and Nedbank.

DATA PRIVACYOpinions on complex data privacy issues provided to clients such as Absa, Allan Gray, Cash Credit, Commonwealth Bank of Australia, Indox, MoneyGram, Telkom and 3 Way Marketing.

GDPR ADVICEProvision of assistance to leading financial services providers and multinationals on General Data Protection Regulation (GDPR) applicability issues and (re)structuring of client operations to navigate away from the net GDPR application where possible.

Wilmari Strachan Executivewstrachan@ENSafrica.com

I feel very very confident that we are working with the brightest minds Chambers FinTech

Era GunningExecutiveegunning@ENSafrica.com

Ridwaan BodaExecutiverboda@ENSafrica.com