Data protection and information governance is a growing area of law and regulation and, consequently, an increasing risk area for businesses and organisations. There are data protection laws in over 90 countries around the world, with the Protection of Personal Information Act soon to be fully in force in South Africa. Information and technology governance is also addressed in other ways, including the King Report of Corporate Governance for South Africa.
Our data protection and information governance service offering includes:
- advising on compliance and conducting legal compliance assessments with applicable privacy and data protection laws to identify and remedy areas of non-compliance;
- reviewing, amending and drafting the full range of agreements, policies and documentation regulating the use, processing and disclosure of information (including privacy policies, workplace policies, document retention and destruction policies, and non-disclosure and confidentiality agreements);
- designing and implementing training programmes on responsibility and compliance with data protection and privacy laws;
- advising on cross-border transfers of data;
- ensuring that privacy by design forms part of the development of new applications, products and services;
- advising on how to manage personal information when merging or acquiring another entity, including obtaining permissions, combining different privacy practices and privacy cultures, and transferring customer files or employee records;
- advising on engagements with key stakeholders, including regulators; and
- drafting and implementing reputation and crisis management policies and procedures, to help manage and mitigate consequences of data breaches and unauthorised disclosures.