Navigate Data Protection and Data Privacy

Data protection and data privacy issues impact all business and industry sectors, not only ‬in South Africa but across the globe. Compliance with the laws and protecting ‬individuals’ privacy is not just a legal issue. Failure to respect people’s privacy or ensure ‬the security of their data can severely damage a company’s brand and influence consumer ‬buying decisions.‬‬‬‬‬‬‬‬

Navigating the myriad complexities around data protection and data privacy is best done by experts properly equipped to give legal advice that is clear, accurate, and future-focused. The Protection of Personal Information Act (the POPI Act or POPIA which people also refer to as POPIA Act) is finally here and expert guidance will be needed by small and big entities alike, in properly assimilating the details of the Act and all the implications contained therein.

How POPIA could cause uncertainty:

  • Why do you need to be concerned with POPIA and data protection?
  • What is important and requires immediate attention?
  • Where to start and where does POPIA apply in the world?
  • Who should assist with what, and to what extent?
  • When should you be attending to what?

Keeping with our ethos of excellence, Werksmans recognises business needs to provide the best possible service to its clients and to the market, while navigating through the regulatory minefield. We recognise that the personal information of suppliers, customers, and employees are valuable assets. We have recently developed the Werksmans.Gettoknowit POPIA e-learning course which provides a consistent, accurate, in-depth, and dependable means of training staff, in order to protect both the business and employees from possible penalties, damages, and sanctions arising from non-compliance.

POPIA Framework

Essentially, POPIA:

  • sets out the rules and practices which must be followed when processing information about individuals and juristic persons;
  • grants rights to individuals in respect of their information;
  • and creates an independent regulator to enforce these rules, rights and practices.

It should be noted that POPIA applies to:

  • information that is processed automatically;
  • information recorded on paper;
  • and health records and certain public authority records.

Read more about POPIA: A Guide to the Protection of Personal Information Act of South Africa.

Guidelines on Completing Section 22 Security Compromise Form – Infographic – Landscape – 20220818

POPIA Landscape

Compliance with POPIA should never anchor your business down. Business must protect the data of all South Africans.

Prioritising data privacy and ensuring optimal processing of Personal Information has the potential to unlock instrumental value and benefit for your business, while not risking non-compliance with legislation.

7 fundamental ports of reference on the road to POPI compliance

Data breach

A data breach can have a range of devastating consequences for any business. Establishing data protection and data privacy is vital in maintaining a company’s reputation. A data breach may cause a loss of customer and partner trust. The loss of critical data, such as source files or intellectual property, can cost a company its competitive advantage.

Going further, a data breach can impact corporate revenues due to non-compliance with data protection regulations. With high-profile data breaches making media headlines, it’s essential that companies adopt and implement a strong cybersecurity approach. A data breach plan and process cannot be neglected.

Read more about: Data breaches in South Africa post POPI…Any lessons to be learned?


We cannot ignore cybersecurity when talking about POPIA. Part of information security is cybersecurity, which refers to the practice of ensuring the integrity, confidentiality, and availability of information.

Why is cybersecurity important?

The world relies on technology more than ever before. As a result, digital data is created at a pace never thought possible. Today, businesses and governments store a great deal of that data on computers and transmit it across networks to other computers and countries. The major cybersecurity risks to your business.

Common types of cybersecurity

Cybersecurity is constantly evolving

Traditional cybersecurity is centered on the implementation of defensive measures around a defined perimeter. Recent enablement initiatives like remote workers and Bring Your Own Device policies have dissolved the perimeter, reduced visibility into cyber activity, and expanded the attack surface. Ultimately, your company must be empowered to prioritise the most serious threats to data privacy by reducing investigation, and threat detection times. At Werksmans we need our clients to ask the right questions in order for us to be prepared and assist them in navigating the rough seas.

Werksmans help clients to leverage excellence going forward.

Let us help you navigate these uncertain seas. 


The Broad-Based Black Economic Empowerment Commission

It is vital for businesses and investors to have a full and proper understanding of South Africa’s legal framework and policies on Broad-Based Black Economic Empowerment.  The Broad-Based Black Economic Empowerment Commission actively investigates complaints and “fronting practices” and misrepresenting B-BBEE status is a criminal offence that may result in fines of up to 10% of turnover, imprisonment for up to 10 years and being prohibited from tendering for government/pubic entity contracts for 10 years.

B-BBEE is based on five key elements: ownership, management, skills development, enterprise and supplier development and socio-economic development. These elements should be measured annually by an independent verification agent which issues an annual certificate setting a firm’s B-BBEE status for that year.

Firms operating in certain sectors are regulated under a specific Transformation Charter and Codes of Good Practice for that sector. The mining industry has its own Mining Charter issued under the Mineral and Petroleum Resources Development Act. State and parastatal tenders take B-BBEE into account and are regulated under the Preferential Procurement Policy Framework Act. Affirmative action and skills development policies are regulated by the Employment Equity Act and the Skills Development Act.

B-BBEE is accordingly a complicated and specialist field of practice and our B-BBEE team has considerable experience and expertise in advising South African and international businesses to implement B-BBEE properly and in compliance with the relevant legislation.

We created a Guide to explain the Amendments to the B-BBEE act and codes. The purpose of this Guide is to provide you with a basic understanding of the legal framework for B-BBEE and its importance and implications for your business.

Download the Guide here.

Our advisory services

Our experience and expertise include advising on the B-BBEE Act and the Codes of Good Practice, Transformation Charters, Sector Codes and Regulations issued under the B-BBEE Act, State and public entity procurement laws and regulations (including the Preferential Procurement Policy Framework Act and the Public Finance Management Act) and the Employment Equity Act and the Skills Development Act.

We offer a wide range of advisory services covering all aspects of B-BBEE, including:

  • Formulating B-BBEE strategy to align commercial goals with B-BBEE compliance and advising generally on B-BBEE compliance.
  • Advising on B-BBEE ownership structures, and drafting all legal documents for implementing these structures including documents required for broad-based ownership schemes and employee share ownership programs, sale and subscription agreements, shareholders agreements, trust deeds, call and put options and loan, preference share, security and other funding documents.
  • Conducting B-BBEE due diligence investigations.
  • Advising and representing clients on complaints and investigations by the B-BBEE Commission, preparing submissions to the Commission and advising on administrative reviews and other recourse regarding the Commission’s procedures and decisions.
  • Advising on strategies to maximise a firm’s B-BBEE score for B-BBEE management, skills development, procurement/enterprise development and socio-economic development.
  • Tax advice on B-BBEE strategies including on preference share funding structures and ownership structures and transactions.
  • Advising on compliance with the Employment Equity Act and Skills Development Act.
  • Advising on the Mining Charter including its provisions dealing with targets for mining companies and provisions relevant for suppliers of mining companies.
  • Assistance in formulating potential B-BBEE partners’ selection criteria and managing the selection process.
  • Project management in relation to B-BBEE ownership transactions and the implementation of B-BBEE strategies.
  • Preparing submissions to B-BBEE rating agencies and regulators regarding a firm’s B-BBEE strategy.

Podcasts, Videos and Webinars