Data Protection and Privacy
Our Data Protection and Privacy group is a dedicated, multi-disciplinary team of lawyers with specialist knowledge of the Protection of Personal Information (POPI). We also have extensive experience in every aspect of privacy of information and data protection. Our team's specialist know-how means that we combine our technical knowledge of data retention and protection, data security, data transfer, privacy, confidentiality and freedom of information with practical experience.
Our team is the largest practice of its kind in South Africa and consists of lawyers drawn from across the firm’s practice areas, including technology, employment law, dispute resolution, competition and commercial law. Our team is able to advise you on the practical implications of POPI, such as addressing your privacy of information and data protection requirements under the new legislation.
- Analysing current data management policies and procedures;
- Developing a comprehensive data management strategy to comply with legislation and reduce the risk of claims, regulatory enforcement and possible criminal liability;
- Compiling policies to regulate compliance with related legislation, such as the Constitution, the Consumer Protection Act, No 68 of 2008; the Electronic Communications and Transactions Act, No 25 of 2002; the Promotion of Access to Information Act, No 2 of 2000 and POPI;
- Procuring consents to process information and maintaining up to date information, security safeguards and data retention;
- Advising on effective data management structures to underpin commercial deals, including multi-jurisdictional outsourcing transactions;
- Training for effective data management and regulatory compliance;
- Preparing internal policy documents;
- Advising on domestic and international data compliance and public policy;
- Advising IT and corporate clients on managing risk and security and dealing with data breaches;
- Assisting with employment related privacy issues; and
- Assisting with compliance strategies and policies, regulatory investigations, transactional support and litigation.
If you or your company processes personal information about any South African person or concerning any South African business, you will need to comply with the Protection of Personal Information Act
Protection of Personal Information Act, 4 OF 2013 (POPI)
POPI was promulgated on 26 November 2013.
This marks a significant move by the Legislature to provide for legislative requirements and mechanisms for data protection and privacy in South Africa. It regulates the manner in which personal information must be processed.
The legislation gives expression to the right to privacy provided for in the Constitution, while protecting the free-flow of information and advancing the right of access to information. The right to privacy includes the right to protection against unlawful collection, retention, dissemination and use of anyone’s personal information.
POPI will commence on a date to be determined by the President by proclamation in the Government Gazette. It also allows for a one year transition period from the commencement date for all persons to comply with the requirements of the Act.
In terms of this legislation, responsible parties must comply with specific conditions when processing personal information. It is therefore important that all employees responsible for obtaining, processing and securing personal information are provided with the necessary training as soon as possible
POPI will apply to you in you in any manner: collect, receive, record, organise, collate, store, update, alter or modify, retrieve, consult, use, disseminate, distribute, merge, link, erase or destroy personal information.