Data Protection

Our Data Protection Group, a multi-disciplinary team of experienced lawyers, assists with all data protection issues, compliance and incident response initiatives.

  • Overview


As the importance of technology and international trade in our world increases, so does the need to regulate the processing and cross border flow of personal information. At the same time, organisations are increasingly at risk of cyberattacks. The need for adequate prevention, security and incident response plans cannot be overstated.

In addition to the General Data Protection Regulation (GDPR), which has had a global impact on how international businesses conduct themselves, several countries in Africa have recently passed, started to enforce, or are considering adopting data protection legislation of their own.

Every transaction, contract and dispute requires the processing of personal information. It is relevant to every area of law, in every jurisdiction on our continent and around the world.

Our multi-disciplinary team of experienced lawyers across our offices can assist clients with their data protection queries and compliance and incident response initiatives.

Specialist services: 

  • advising on the data processing requirements set out in the applicable laws and the implications for client businesses, including reviewing and preparing contracts, policies, processes and procedures, and other data protection and privacy controls;
  • assisting with the appointment and training of information officers, and their registration with the relevant regulatory authorities;
  • conducting training and awareness sessions with employees, in order to ensure compliance with data protection, privacy, incident response and other data processing requirements;
  • assisting with conducting impact assessments, preparing and implementing compliance frameworks and developing incident response plans;
  • advising employers on their obligations pertaining to the processing of the personal information of employees;
  • representing clients and providing dispute resolution advice;
  • advising on the implications of data protection laws on corporate transactions and the obligations arising from the ownership, sharing and transfer of personal information;
  • advising on the cross-border transfer of personal information and cloud data processing;
  • advising on the competition law aspects pertaining to the processing and the use of personal information; and
  • advising on data protection concerns in the context of due diligences.

Our specialist Cybersecurity and Major Incidents Group provides advice on crisis management and the handling of major incidents that arise from data breaches and the consequences of those breaches. We advise boards on governance surrounding incident response decisioning, reporting obligations and resulting litigation risk exposure.