Contact

Data Protection & Privacy

In the ever-evolving digital age, data has become a cornerstone of success. It unlocks insights, fuels innovation, and fosters deeper connections. Yet, within this power lies a fundamental responsibility: protecting the privacy of individuals and the security of this valuable asset. At CDH, we are dedicated to safeguarding your data journey.

Our team of passionate data protection and privacy specialists bear a deep understanding of the European Union’s General Data Protection Regulation (GDPR), the South African Protection of Personal Information Act and the Kenyan Data Protection Act and is both equipped and committed to offering bespoke advice to help you navigate this emerging legal landscape across sub-Saharan Africa.

With a track record spanning more than 170 years, we distinguish ourselves from our competition within the African legal market by forging powerful and longstanding partnerships with our clients. As a trusted advisor and partner, we develop an in-depth understanding of our clients’ businesses, enabling us to tailor legal solutions that are both commercial and practical for our clients’ regulatory and advisory needs.

Kenyan experience

  • Conducting a data protection legal compliance audit for the following clients, preparing a gap analysis report and developing and supporting the implementation of a compliance plan/road map:
  1. the Kenyan subsidiary of one of the world’s largest container shipping companies;
  2. one of Kenya’s largest and oldest footwear manufacturing companies; and
  3. one of Kenya’s leading confectionery manufacturing companies.
  • Advising the East African subsidiary of a multi-billion-dollar Japanese conglomerate on its compliance with the Kenyan Data Protection Act, including conducting a compliance review of its data privacy manuals and policies.
  • Advising a leading international parcel delivery service provider on data protection in relation to the collection and use of its customers’ personal data in Kenya.
  • Advising a leading international fertiliser manufacturer on:
  1. the data protection implications under the GDPR.
  2. Kenyan and Tanzanian data protection laws in relation to the collection of personal data for its COVID-19 related aid programme for famers in Africa;
  3. and the preparation and review of its software platform’s terms of use and various privacy policies to ensure compliance with data protection law under the relevant regimes.
  • Advising the tech start-up arm of a listed Kenyan marketing and communications company in relation to the drafting and review of its privacy policies for use in Kenya, Tanzania, South Africa, Uganda, Zambia and Ghana.
  • Advising the Sydney-based office of one of the largest international law firms in the world on behalf of its client, a leading multinational financial and payment services provider, on the data protection implications of a new/intended payment services program at the pre-launch stage.
  • Advising one of the world’s largest social media and technology companies in relation to the data protection framework in Kenya, including advising on the content of the Constitution, 2010 and the 2018 and 2019 Data Protection Bills.
  • Advising the South African office of one of the largest international law firms in the world on behalf of its client, one of the world’s leading online retail service providers, on a comparison between various aspects of the EU GDPR and the Kenyan Data Protection Act.
  • Advising a US-based cyber security technology company in relation to the data protection review of its end user licence agreements, data subject consent forms and data protection agreements.
  • Advising an American multinational technology company that specialises in internet-related services and products on the Kenyan data protection compliance concerns relating to the collection and processing of personal data for purposes of its identity verification program for customers of its services.
  • Advising the South African office of one of the largest international law firms in the world, on
    behalf of its client (an international on-demand cloud computing platforms and services provider),
    on the data localisation and data sovereignty requirements under Kenyan data protection law.
  • Advising the foreign trading arm of the Japanese Government on the various aspects of the Kenyan
    Data Protection Act, including the adequate and appropriate personal data safeguards required under the act, the extra-territorial application on the Kenyan Data Protection Act, obligations of data processors, etc.

South African Experience

  • Advising on the employment aspect of a global oil company’s audit in terms of South African data protection law.
  • Advising on the data retention requirements in South Africa for a multinational banking group.
  • Advising on data protection implications for cloud services and other complex IT services.
  • Advising numerous local banks and financial institutions about the South African Reserve Bank’s directives on cloud services, outsourcing and cyber incidents and, in particular, the related data protection and information security risks.
  • Carrying out a number of personal information assessments and privacy-by-design projects for
    innovative client service offerings, including online aggregator and e-commerce platforms, mobile
    applications and value-added service offerings.
  • Providing advice on data protection laws to a major listed company in relation to its data protection policy documents.
  • Advising a number of different South African state-owned enterprises on achieving compliance with the provisions of the Protection of Personal Information Act.
  • Advising various government entities and private sector clients on the data protection implications
    of processing COVID-19 related personal information, including health information.
  • Providing data protection opinions relating to identity verification systems, database sale and reuse, and big data analysis.
  • Advising a multinational outdoor advertising company on its data protection legislation compliance across 14 African jurisdictions.
  • Advising an international hospital group on its cross border intra-group data transfers and binding corporate rules (considering data protection legislation in the EU, UAE, and Switzerland).
  • Advising on issues relating to the consent to process special personal information in relation to the first national health information exchange platform.
  • Advising a large bank in respect of its data protection and information security compliance framework.
  • Advising a listed retailer on its data protection compliance framework and assisting with drafting various privacy policies, advising on privacy by design, and carrying out privacy impact assessments
    on existing and new product offerings.
  • Carrying out specialist opinion work for a large insurer/financial services provider on various issues relating to data protection and compliance with the EU GDPR.

Webinar Recording | AI on Trial Navigating legal risks in the age of AI

Exploring the legal challenges and risks that AI presents in today's rapidly evolving technological landscape. We probed into the implications of AI on legal frameworks, offering insights on how to navigate potential legal pitfalls. 

Watch our team of experts as they discuss the intersection of law and AI and the opportunities it offers. 

Data Protection & Privacy
Data Protection & Privacy

Services

Our team of passionate data protection and privacy specialists bear a deep understanding of the European Union’s General Data Protection Regulation (GDPR), the South African Protection of Personal Information Act and the Kenyan Data Protection Act and is both equipped and committed to offering bespoke advice to help you navigate this emerging legal landscape across sub-Saharan Africa.

With a track record spanning more than 170 years, we distinguish ourselves from our competition within the African legal market by forging powerful and longstanding partnerships with our clients. As a trusted advisor and partner, we develop an in-depth understanding of our clients’ businesses, enabling us to tailor legal solutions that are both commercial and practical for our clients’ regulatory and advisory needs.

Kenyan experience

  • Conducting a data protection legal compliance audit for the following clients, preparing a gap analysis report and developing and supporting the implementation of a compliance plan/road map:
  1. the Kenyan subsidiary of one of the world’s largest container shipping companies;
  2. one of Kenya’s largest and oldest footwear manufacturing companies; and
  3. one of Kenya’s leading confectionery manufacturing companies.
  • Advising the East African subsidiary of a multi-billion-dollar Japanese conglomerate on its compliance with the Kenyan Data Protection Act, including conducting a compliance review of its data privacy manuals and policies.
  • Advising a leading international parcel delivery service provider on data protection in relation to the collection and use of its customers’ personal data in Kenya.
  • Advising a leading international fertiliser manufacturer on:
  1. the data protection implications under the GDPR.
  2. Kenyan and Tanzanian data protection laws in relation to the collection of personal data for its COVID-19 related aid programme for famers in Africa;
  3. and the preparation and review of its software platform’s terms of use and various privacy policies to ensure compliance with data protection law under the relevant regimes.
  • Advising the tech start-up arm of a listed Kenyan marketing and communications company in relation to the drafting and review of its privacy policies for use in Kenya, Tanzania, South Africa, Uganda, Zambia and Ghana.
  • Advising the Sydney-based office of one of the largest international law firms in the world on behalf of its client, a leading multinational financial and payment services provider, on the data protection implications of a new/intended payment services program at the pre-launch stage.
  • Advising one of the world’s largest social media and technology companies in relation to the data protection framework in Kenya, including advising on the content of the Constitution, 2010 and the 2018 and 2019 Data Protection Bills.
  • Advising the South African office of one of the largest international law firms in the world on behalf of its client, one of the world’s leading online retail service providers, on a comparison between various aspects of the EU GDPR and the Kenyan Data Protection Act.
  • Advising a US-based cyber security technology company in relation to the data protection review of its end user licence agreements, data subject consent forms and data protection agreements.
  • Advising an American multinational technology company that specialises in internet-related services and products on the Kenyan data protection compliance concerns relating to the collection and processing of personal data for purposes of its identity verification program for customers of its services.
  • Advising the South African office of one of the largest international law firms in the world, on
    behalf of its client (an international on-demand cloud computing platforms and services provider),
    on the data localisation and data sovereignty requirements under Kenyan data protection law.
  • Advising the foreign trading arm of the Japanese Government on the various aspects of the Kenyan
    Data Protection Act, including the adequate and appropriate personal data safeguards required under the act, the extra-territorial application on the Kenyan Data Protection Act, obligations of data processors, etc.

South African Experience

  • Advising on the employment aspect of a global oil company’s audit in terms of South African data protection law.
  • Advising on the data retention requirements in South Africa for a multinational banking group.
  • Advising on data protection implications for cloud services and other complex IT services.
  • Advising numerous local banks and financial institutions about the South African Reserve Bank’s directives on cloud services, outsourcing and cyber incidents and, in particular, the related data protection and information security risks.
  • Carrying out a number of personal information assessments and privacy-by-design projects for
    innovative client service offerings, including online aggregator and e-commerce platforms, mobile
    applications and value-added service offerings.
  • Providing advice on data protection laws to a major listed company in relation to its data protection policy documents.
  • Advising a number of different South African state-owned enterprises on achieving compliance with the provisions of the Protection of Personal Information Act.
  • Advising various government entities and private sector clients on the data protection implications
    of processing COVID-19 related personal information, including health information.
  • Providing data protection opinions relating to identity verification systems, database sale and reuse, and big data analysis.
  • Advising a multinational outdoor advertising company on its data protection legislation compliance across 14 African jurisdictions.
  • Advising an international hospital group on its cross border intra-group data transfers and binding corporate rules (considering data protection legislation in the EU, UAE, and Switzerland).
  • Advising on issues relating to the consent to process special personal information in relation to the first national health information exchange platform.
  • Advising a large bank in respect of its data protection and information security compliance framework.
  • Advising a listed retailer on its data protection compliance framework and assisting with drafting various privacy policies, advising on privacy by design, and carrying out privacy impact assessments
    on existing and new product offerings.
  • Carrying out specialist opinion work for a large insurer/financial services provider on various issues relating to data protection and compliance with the EU GDPR.

Video

Webinar Recording | AI on Trial Navigating legal risks in the age of AI

Exploring the legal challenges and risks that AI presents in today's rapidly evolving technological landscape. We probed into the implications of AI on legal frameworks, offering insights on how to navigate potential legal pitfalls. 

Watch our team of experts as they discuss the intersection of law and AI and the opportunities it offers. 

Brochures

Data Protection & Privacy
Data Protection & Privacy

Data Protection & Privacy Lawyers

Our Data Protection & Privacy Lawyers
SECTOR HEADS
Tayyibah Suliman

Tayyibah Suliman

Sector Head, Director +27 (0)11 562 1667tayyibah.suliman@cdhlegal.com
Shem Otanga

Shem Otanga

Partner +254 724 531 856shem.otanga@cdhlegal.com

Our Work

All

Conducting a data protection legal compliance audit for the following clients, preparing a gap analysis report and developing and supporting the implementation of a compliance plan/road map: the Kenyan subsidiary of one of the world’s largest container shipping companies; one of Kenya’s largest and oldest footwear manufacturing companies; and one of Kenya’s leading confectionery manufacturing companies.

Advising the East African subsidiary of a multi-billion-dollar Japanese conglomerate on its compliance with the Kenyan Data Protection Act, including conducting a compliance review of its data privacy manuals and policies.

Advising a leading international parcel delivery service provider on data protection in relation to the collection and use of its customers’ personal data in Kenya.

Advising a leading international fertiliser manufacturer on: the data protection implications under the GDPR; Kenyan and Tanzanian data protection laws in relation to the collection of personal data for its COVID-19 related aid programme for famers in Africa; and the preparation and review of its software platform’s terms of use and various privacy policies to ensure compliance with data protection law under the relevant regimes.

Advising the tech start-up arm of a listed Kenyan marketing and communications company in relation to the drafting and review of its privacy policies for use in Kenya, Tanzania, South Africa, Uganda, Zambia and Ghana.

Advising on the employment aspect of a global oil company’s audit in terms of South African data protection law.

Advising on the data retention requirements in South Africa for a multinational banking group.

Advising on data protection implications for cloud services and other complex IT services.

Advising numerous local banks and financial institutions about the South African Reserve Bank’s directives on cloud services, outsourcing and cyber incidents and, in particular, the related data protection and information security risks.

Carrying out a number of personal information assessments and privacy-by-design projects for innovative client service offerings, including online aggregator and e-commerce platforms, mobile applications and value-added service offerings.

Our Work

Conducting a data protection legal compliance audit for the following clients, preparing a gap analysis report and developing and supporting the implementation of a compliance plan/road map: the Kenyan subsidiary of one of the world’s largest container shipping companies; one of Kenya’s largest and oldest footwear manufacturing companies; and one of Kenya’s leading confectionery manufacturing companies.

Advising the East African subsidiary of a multi-billion-dollar Japanese conglomerate on its compliance with the Kenyan Data Protection Act, including conducting a compliance review of its data privacy manuals and policies.

Advising a leading international parcel delivery service provider on data protection in relation to the collection and use of its customers’ personal data in Kenya.

Advising a leading international fertiliser manufacturer on: the data protection implications under the GDPR; Kenyan and Tanzanian data protection laws in relation to the collection of personal data for its COVID-19 related aid programme for famers in Africa; and the preparation and review of its software platform’s terms of use and various privacy policies to ensure compliance with data protection law under the relevant regimes.

Advising the tech start-up arm of a listed Kenyan marketing and communications company in relation to the drafting and review of its privacy policies for use in Kenya, Tanzania, South Africa, Uganda, Zambia and Ghana.

Advising on the employment aspect of a global oil company’s audit in terms of South African data protection law.

Advising on the data retention requirements in South Africa for a multinational banking group.

Advising on data protection implications for cloud services and other complex IT services.

Advising numerous local banks and financial institutions about the South African Reserve Bank’s directives on cloud services, outsourcing and cyber incidents and, in particular, the related data protection and information security risks.

Carrying out a number of personal information assessments and privacy-by-design projects for innovative client service offerings, including online aggregator and e-commerce platforms, mobile applications and value-added service offerings.

Market recognition

  • Chambers Global 2024 ranked our practice in Band 2 for IT & telecoms.
  • Chambers Global 2011–2023 ranked our practice in Band 1 for IT & telecommunications.
  • Chambers FinTech 2019–2022 ranked our FinTech sector in Band 1.

Market recognition

  • Chambers Global 2024 ranked our practice in Band 2 for IT & telecoms.
  • Chambers Global 2011–2023 ranked our practice in Band 1 for IT & telecommunications.
  • Chambers FinTech 2019–2022 ranked our FinTech sector in Band 1.

This website uses cookies to enhance the browsing experience. For more information, please see our Cookie Policy.

Accept Decline