Privacy, AI and Data Governance

We design and uplift privacy, data-governance and AI risk frameworks that withstand regulatory and supervisory scrutiny and reduce breach and enforcement risk in practice. Our work is grounded in a detailed understanding of South Africa’s Protection of Personal Information Act (POPIA) and related guidance, while aligning with comparable regimes across Africa, GDPR/UK GDPR and other key international markets.

We support organisations across the data governance lifecycle, including data mapping and classification, privacy impact and information assessments, records of processing, policy and control design, and cross border transfer mechanisms. Our frameworks are built to satisfy principle based regulatory requirements and remain defensible in supervisory reviews and investigations.

For financial institutions and regulated entities, we advise banks, insurers, asset managers and other firms on cybersecurity, privacy and operational resilience within complex supervisory frameworks. Our work spans compliance, incident response and enforcement defence under POPIA, sector specific cyber and operational resilience standards, and the evolving expectations of South African financial regulators. We embed tabletop exercises and board training to improve incident readiness and decision making discipline. 

We also advise on third party risk management in regulated environments, including outsourcing, cloud and critical service provider arrangements, ensuring contractual and governance and monitoring frameworks meet POPIA and financial sector supervisory expectations.

Our AI governance is privacy led and focused on risk and controls rather than hype. We advise boards and risk committees on AI accountability, governance ownership and oversight models. We help legal, risk and IT teams triage AI use cases, document outcomes, and integrate AI considerations into existing privacy and security frameworks, prioritising explainability, data minimisation and human oversight. Where operations span multiple jurisdictions, we align local governance with emerging guidance in key markets to maintain consistency.