negative image of an eye with blue iris

The challenges arising from data are countless and inescapable in our maturing technological landscape. To future-proof your organisation, and unlock opportunity from your data, you need alert and experienced lawyers who will deliver practical advice. Our team of experts have the requisite expertise and experience to provide practical advice and assistance to help you future proof your business in this critical area.

Our team is composed of experts in data protection and security, data loss and information management and can draw on our extensive experience in order to provide practical solutions for your business. 

What sets us apart is our specialist data protection sector expertise, particularly in highly regulated sectors like technology, media and communications, energy and utilities, healthcare and financial services.  

We are at the forefront of thought leadership in relation to the Protection of Personal Information Act (POPI). We have advised clients extensively on its implementation and have provided guidance, updates and training on the implementation of POPI every step of the way.

Our team provides counsel across a wide range of areas including data protection registration and policy development, data security and mobile device encryption, data transfer procedures using model clauses and binding corporate rules, freedom of information requests, data subject access requests and resolving data protection issues arising from outsourcing projects. 


Clients turn to CMS to advise on global data privacy, protection and information security projects. Leading multinational companies, many of which hold large amounts of sensitive data and are heavily regulated, instruct us to advise on multi-jurisdictional projects.

Global AND local

Our teams are flexible in that they handle both large multinational projects but can also deep-dive for niche, country-specific advice. The teams are on the ground in over 40 countries, speak the local language and understand the local laws – but crucially in a global context.

Pragmatism and business acumen

CMS has a knack for turning legal advice into practical solutions that make sense not just to your legal teams, but to your other employees, such as the HR function, or software engineers.

For the very latest legal updates delivered directly to your inbox, sign up to the Law-Now subscription service now.




Zaakir Mo­hamed ap­poin­ted as Deputy Chair­per­son of the ICFP
Jo­han­nes­burg - based part­ner Zaakir Mo­hamed has been elec­ted to serve as the Deputy Chair­per­son of the Board of Dir­ect­ors of the In­sti­tute of Com­mer­cial Forensic Prac­ti­tion­ers (ICFP).  The ICFP is a...
Data Breaches: Pre­ven­tion is Bet­ter than Cure
Re­spond­ing to a data breach is a com­plex and bur­den­some task. Even if an or­gan­isa­tion is well-pre­pared and re­sponds ef­fect­ively to a data breach, the fal­lout may still res­ult in severe fin­an­cial, op­er­a­tion­al...
Data Breaches: Prac­tic­al Con­sid­er­a­tions
All or­gan­isa­tions are vul­ner­able to cy­ber-at­tacks. Cy­ber­crim­in­als will at­tack any or­gan­isa­tion from which they can pos­sibly profit or be­ne­fit (be it fin­an­cially or oth­er­wise). This is a press­ing loc­al...
The rap­id rise of cy­ber risk in South Africa
South Africa has in re­cent years seen a stark in­crease in the com­mis­sion of crimes re­lat­ing to cy­ber crime and/or cy­ber se­cur­ity breaches. It is thus no sur­prise that South Africa has rap­idly garnered...
How dis­clos­ure re­quire­ments em­power South Afric­an Data Sub­jects
One of the sig­ni­fic­ant con­di­tions for law­ful pro­cessing un­der the Pro­tec­tion of Per­son­al In­form­a­tion Act, 2013 (“POPIA”) is “open­ness”, which can be said to con­sist of two “pil­lars”. The pur­poses...
Man­aging Cross-bor­der Data Trans­fers
In South Africa, per­son­al in­form­a­tion may be trans­ferred to a third party or or­gan­isa­tion out­side of South Africa, provided that one of the per­mit­ted cir­cum­stances out­lined in sec­tion 72 of the Pro­tec­tion...
Im­ple­ment­ing POPIA with­in your or­gan­iz­a­tion - The Per­son­al In­form­a­tion...
Since its en­act­ment, the Pro­tec­tion of Per­son­al In­form­a­tion Act No 4 of 2013 (“POPIA”/”the Act”) has im­posed nu­mer­ous ob­lig­a­tions on vari­ous or­gan­isa­tions across South Africa to align their busi­ness...
The Role of Em­ploy­ees in Data Pro­tec­tion
Many or­gan­isa­tions, in pre­par­a­tion for the com­mence­ment of the Pro­tec­tion of Per­son­al In­form­a­tion Act No 4 of 2013 (“POPIA”), have com­mis­sioned and draf­ted world-class or­gan­isa­tion­al data pro­tec­tion...
One year in­to POPIA - tak­ing stock
1 Ju­ly 2022 marks the one-year an­niversary of the Pro­tec­tion of Per­son­al In­form­a­tion Act No 4 of 2013 (“POPIA”) com­pli­ance dead­line for all or­gan­isa­tions, as provided by the gov­ern­ment of South Africa...
CMS Next
What’s next? In a world of ever-ac­cel­er­at­ing change, stay­ing ahead of the curve and know­ing what’s next for your busi­ness or sec­tor is es­sen­tial.At CMS, we see ourselves not only as your leg­al ad­visers but also as your busi­ness part­ners. We work to­geth­er with you to not only re­solve cur­rent is­sues but to an­ti­cip­ate fu­ture chal­lenges and in­nov­ate to meet them.With our latest pub­lic­a­tion, CMS Next, our ex­perts will reg­u­larly of­fer you in­sights in­to and fresh per­spect­ives on a range of is­sues that busi­nesses have to deal with – from ESG agen­das to re­struc­tur­ing after the pan­dem­ic or fa­cing the di­git­al trans­form­a­tion. We will also share with you more about the work that we are do­ing for our cli­ents, help­ing them in­nov­ate, grow and mit­ig­ate risk.To be able to provide you with the best sup­port, we im­merse ourselves in your world to un­der­stand your leg­al needs and chal­lenges. However, it is equally im­port­ant that you know who we are and how we can work with you. So, we in­vite you to meet our ex­perts and catch a glimpse of what is hap­pen­ing in­side CMS.En­joy read­ing this pub­lic­a­tion, which we will up­date reg­u­larly with new con­tent.CMS Ex­ec­ut­ive Team
The suc­cess­ful al­loc­a­tion of the high-de­mand ra­dio fre­quency spec­trum
On 26 Ju­ly 2019, the Min­is­ter of Com­mu­nic­a­tions pub­lished the Policy on High De­mand Spec­trum and Policy Dir­ec­tion on Li­cens­ing of a Wire­less Open Ac­cess Net­work ("WOAN Policy") to tackle the spec­trum...
Leg­al pre­ci­sion in pri­vacy, data se­cur­ity and data pro­tec­tion - Ex­pert...
Ex­pert leg­al ad­visers in Africa