Home / People / Savanna Stephens
Portrait of Savanna Stephens

Savanna Stephens

Senior Associate

CMS RM Partners
82 Maude Street
3rd Floor
Sandton
2196
Johannesburg
South Africa
Languages English
Commercial

Savanna is a Corporate/M&A and Commercial lawyer.

Her areas of practices include general corporate and commercial law with a focus on mergers and acquisitions, equity capital markets and technology and data protection laws. Savanna has advised and acted for domestic and international clients in a broad range of sectors and industries including healthcare, financial, emerging technologies, hospitality, retail, industrial, manufacturing, media and entertainment. 

Savanna has experience in advising clients on a range of transactional and general commercial advisory matters, including due diligences, transaction agreements, general commercial agreements, distribution and franchising arrangements and data protection and privacy compliance projects. She also has experience in advising on specialised transactions in the telecommunications sector in the African region. 

Savanna has worked with clients on South Africa’s Protection of Personal Information Act (POPIA) and similar legislation throughout Africa and has experience in advising multinational corporations on the effects of data protection regulation concerning European's General Data Protection Regulation and the interplay with POPIA. Savanna previously hosted and spoke at a data protection event with members of the Information Regulator in 2020.

Prior to joining CMS South Africa, she served her articles of clerkship at Webber Wentzel, subsequent to which she joined DLA Piper South Africa where she had spent four years, including a short secondment to the data protection and privacy teams in Brussels and Paris and later Clyde & Co Inc. 

Savanna was admitted as an attorney and notary public of the High Court of South Africa in 2017. She holds an LL.B from the University of KwaZulu-Natal. 

more less

Relevant experience

  • Altron a listed technology company - on the demerger of its UK subsidiary, Bytes UK from the group and the subsequent listing of the Bytes UK plc on the LSE and a secondary listing on the JSE. 
  • Kore Potash Limited - on the re-domicile to London, the listing on AIM and the secondary listing on the JSE, particularly in relation to the secondary fast track listing of Kore Potash plc on the JSE.
  • A petrochemical company - on the disposal of fifty percent of its business in Zambia, Zimbabwe and Mozambique and the subsequent joint venture arrangements with its new partner, a German listed entity.
  • Individual management sellers, ABV and Raubenbel -  in the sale of all of their shares in Chill Holdings Proprietary Limited to Long4Life Limited.
  • Dimension Data, a global information technology services company - on the acquisition of ecommerce platform in United Kingdom.
  • A multi-national enterprise information management services company - in respect of the acquisition of a South African document destruction company.
  • A global fishing tackle brands distribution company - in the disposal of its local subsidiary in South Africa.
  • Various multinational companies - in implementing data protection and privacy compliance projects to ensure compliance with POPIA and assisting with various data breaches and the respective notification obligations.
  • An American fast-food company - on the termination and implementation of new franchising arrangements within South Africa.
  • Various multinational companies - with the introduction of platform and software application for mobile phones in to the South African market.
  • A prestigious South African bank - with a presence in Europe on the effects of the EU’s General Data Protection Regulation.
  • Various international automotive manufacturers - on various data protection related issues in respect of its automotive and internet of vehicle services applications and other market entry issues in relation to the launch of internet of vehicle services in the South Africa.
more less

Memberships & Roles

  • Member of Legal Pratice Council, Gauteng
  • Notary Public.
more less

Education

  • 2017 -  Advanced Company Law Certificate (II), University of the Witwatersrand, South Africa
  • 2015 – LL.B, University of KwaZulu Natal, South Africa
more less
Data Protection & Privacy

Savanna is a lawyer specializing in Data Privacy & Protection.

Prior to joining CMS South Africa, she served her articles of clerkship at Webber Wentzel, subsequent to which she joined DLA Piper South Africa where she had spent four years, including a short secondment to the Data Protection & Privacy teams in Brussels and Paris and later Clyde & Co Inc.

She has extensive experience in advising local and multinational corporations on the effects of data protection regulation concerning European, South African and other African jurisdictions' data protection regulations. Savanna has conducted client seminars on the Data Protection obligations under South Africa's Protection of Personal Information Act (POPIA), African Data Protection laws and the comparison/interplay between POPIA and GDPR. Savanna hosted a Data Protection event with members of the Information Regulator (Data Protection Authority) in 2020, where she was a speaker.

Savanna has assisted clients in a broad range of sectors including healthcare, financial, emerging technologies, hospitality, retail, industrial, manufacturing, media and entertainment with day to day Data Protection & Privacy advice and Data Protection compliance projects which ensure that all the necessary systems and procedures are in place for compliance with POPIA.

Her areas of practices also include general corporate and commercial law with a focus on mergers and acquisitions, equity capital markets, technology and data protection laws.
 

more less

Relevant experience

  • Various local and multinational banking, insurance, manufacturing, mining, retail and consumer goods companies - in implementing data protection and privacy compliance projects to ensure compliance with POPIA and assisting with various data breaches and the respective notification obligations.
  • Various multinational companies - on various data breaches, security compromises and the applicable notification requirements under South Africa.
  • A South African bank with a presence in Europe - on the effects of the EU’s General Data Protection Regulation on its activities.
  • A global logistics company - on the compliance requirements for all its internally and externally managed IT systems in South Africa.
  • Amazon - on market entry issues and data protection requirements in South Africa. 
  • TikTok - on regulatory requirements pertaining to various campaigns and projects to be launched in South Africa. 
  • An American technology company - on market entry issues in relation to the launch of data breach/privacy solutions for insurers and banks in the South Africa.
  • Several global technology companies - on the introduction of a new platform and software application for mobile phones in the South African market.
  • A German automotive manufacturer - on various data protection related issues in respect of its automotive applications.
more less

Memberships & Roles

  • Member of Legal Pratice Council, Gauteng
  • Notary Public
more less

Education

  • 2017 -  Advanced Company Law Certificate (II), University of the Witwatersrand, South Africa
  • 2015 – LL.B, University of KwaZulu Natal, South Africa
more less
11/08/2021
Leg­al pre­ci­sion in pri­vacy, data se­cur­ity and data pro­tec­tion - Ex­pert...
Ex­pert leg­al ad­visers in Africa

Feed

15/08/2022
Data prices may fall if new spec­trum al­loc­a­tion leads to more com­pet­i­tion
But SA con­sumers may have to be pa­tient to see how the in­creased spec­trum al­loc­a­tion trans­lates in­to more af­ford­able mo­bile data costs.When SA com­pleted its latest, long over­due, ra­dio fre­quency spec­trum...
14/07/2022
How dis­clos­ure re­quire­ments em­power South Afric­an Data Sub­jects
One of the sig­ni­fic­ant con­di­tions for law­ful pro­cessing un­der the Pro­tec­tion of Per­son­al In­form­a­tion Act, 2013 (“POPIA”) is “open­ness”, which can be said to con­sist of two “pil­lars”. The pur­poses...
14/07/2022
How dis­clos­ure re­quire­ments em­power South Afric­an Data Sub­jects
One of the sig­ni­fic­ant con­di­tions for law­ful pro­cessing un­der the Pro­tec­tion of Per­son­al In­form­a­tion Act, 2013 (“POPIA”) is “open­ness”, which can be said to con­sist of two “pil­lars”. The pur­poses...
11/07/2022
Man­aging Cross-bor­der Data Trans­fers
In South Africa, per­son­al in­form­a­tion may be trans­ferred to a third party or or­gan­isa­tion out­side of South Africa, provided that one of the per­mit­ted cir­cum­stances out­lined in sec­tion 72 of the Pro­tec­tion...
11/07/2022
Man­aging cross-bor­der data trans­fers
In South Africa, per­son­al in­form­a­tion may be trans­ferred to a third party or or­gan­isa­tion out­side of South Africa, provided that one of the per­mit­ted cir­cum­stances out­lined in sec­tion 72 of the Pro­tec­tion...
07/07/2022
Cor­por­ate trends, Shad­ow Boards: what are they and how do they ap­ply in...
The im­pact of the COV­ID-19 pan­dem­ic has res­ul­ted in a shift in work­place cul­ture, for­cing or­gan­isa­tions to em­brace di­git­al trans­form­a­tion and ad­apt to new ways of work­ing, in the con­text of the Fourth...
05/07/2022
The Role of Em­ploy­ees in Data Pro­tec­tion
Many or­gan­isa­tions, in pre­par­a­tion for the com­mence­ment of the Pro­tec­tion of Per­son­al In­form­a­tion Act No 4 of 2013 (“POPIA”), have com­mis­sioned and draf­ted world-class or­gan­isa­tion­al data pro­tec­tion...
05/07/2022
Role of em­ploy­ees in data pro­tec­tion
Many or­gan­isa­tions, in pre­par­a­tion for the com­mence­ment of the Pro­tec­tion of Per­son­al In­form­a­tion Act No 4 of 2013 (“POPIA”), have com­mis­sioned and draf­ted world-class or­gan­isa­tion­al data pro­tec­tion...
01/07/2022
One year in­to POPIA - tak­ing stock
1 Ju­ly 2022 marks the one-year an­niversary of the Pro­tec­tion of Per­son­al In­form­a­tion Act No 4 of 2013 (“POPIA”) com­pli­ance dead­line for all or­gan­isa­tions, as provided by the gov­ern­ment of South Africa...
01/07/2022
One year in­to POPIA - tak­ing stock
1 Ju­ly 2022 marks the one-year an­niversary of the Pro­tec­tion of Per­son­al In­form­a­tion Act No 4 of 2013 (“POPIA”) com­pli­ance dead­line for all or­gan­isa­tions, as provided by the gov­ern­ment of South Africa...
23/06/2022
Shad­ow boards: what are they and how do they ap­ply in the cor­por­ate SA...
Fash­ion house Gucci was awoken from its cre­at­ive coma by young­er minds and sales soar­ing from 2014 to 2018. Cov­id-19 pan­dem­ic has res­ul­ted in a shift in work­place cul­ture, for­cing or­gan­isa­tions to em­brace...
12/05/2022
The suc­cess­ful al­loc­a­tion of the high-de­mand ra­dio fre­quency spec­trum
On 26 Ju­ly 2019, the Min­is­ter of Com­mu­nic­a­tions pub­lished the Policy on High De­mand Spec­trum and Policy Dir­ec­tion on Li­cens­ing of a Wire­less Open Ac­cess Net­work ("WOAN Policy") to tackle the spec­trum...