Outsourcing: South Africa overview
A Q&A guide to outsourcing in South Africa.
This Q&A guide gives a high level overview of legal and regulatory requirements on different types of outsourcing; commonly used legal structures; procurement processes; formalities required for transferring or leasing assets; data protection issues; customer remedies and protections; contracting parties' remedies; dispute resolution; and the tax issues arising on an outsourcing.
To compare answers across multiple jurisdictions, visit the Outsourcing Country Q&A tool.
This Q&A is part of the global guide to outsourcing. For a full list of jurisdictional Q&As, visit www.practicallaw.com/resources/global-guides/outsourcing-guide.
For the rules relating to transferring employees, visit Transferring employees on an outsourcing in South Africa: overview.
Regulation and requirements
The following regulations are relevant:
Guidance Note 5/2014 (Outsourcing Guidance), issued specifically for banks by the South African Reserve Bank (SARB). The Outsourcing Guidance requires that appropriate risk management programmes for service providers to whom functions have been outsourced are put in place and requires that all outsourcing arrangements that involve material business activities and functions entered into by banks are subject to appropriate due diligence, approval and monitoring by the bank.
Directive 159.A.i, issued by the Registrars of Long-term and Short-term Insurance (Insurance Outsourcing Directive), which deals with the outsourcing of an insurer's business, and provides that an insurer:
can only outsource insurance business functions if certain principles are complied with; and
must avoid, and where this is not possible, mitigate, any conflicts of interests that may arise as a result of the outsourcing.
The obligations imposed by the Insurance Outsourcing Directive are in addition to the requirements set out in the regulatory framework (for example, the requirements relating to a nominee business, binder agreements and assistance business group schemes).
There are no specific regulations applicable.
IT and cloud services
If both the customer and the suppliers are in South Africa, the provisions of the Broad-Based Black Economic Empowerment Act 2003 (B-BBEE Act) and its Information and Communication Technology Sector Code of Good Practice can apply.
If the customer is a public entity, the supplier must comply with the provisions of the B-BBEE Act and have the relevant rating (see below, Public sector). However there is no general legal requirement for a supplier to have a rating.
See above, IT and cloud services.
Outsourcing is not dealt with specifically in laws regulating state bodies in the national and provincial spheres of government. However, local government entities are subject to specific requirements and processes provided by the Local Government: Municipal Systems Act 2000, upon the occurrence of specified trigger events or circumstances relating to the provision of municipal services.
In the national and provincial spheres, where outsourcing is not specifically regulated, the general public sector procurement rules apply if a state body acquires goods or services from an external service provider as part of an outsourcing transaction. The following statutes in particular can be relevant:
Constitution of the Republic of South Africa 1996 (section 217).
The Public Finance Management Act 1999 (for procurement by organs of state in the national or provincial sphere of government).
The Local Government: Municipal Finance Management Act 2003 and the Local Government: Municipal Systems Act 2000 (for outsourcing and procurement by organs of state in the municipal sphere of government).
The Preferential Procurement Policy Framework Act 2000 (if a tender/competitive process is conducted to select a service provider).
The Promotion of Administrative Justice Act 2000, which regulates public sector decision-making.
The B-BBEE Act.
There are further specific requirements for the mining sector, and there are also general competition requirements that can affect all sectors.
Customers can be divided into two categories:
Customers who are holders of mining rights and prospecting rights granted under the national legislation regulating mining, the Mineral and Petroleum Resources Development Act 2002 (MPRDA) (licence holding customers).
Customers who provide services to mines (contractor customers).
Licence holding customers are entitled to outsource. Outsourced labourers who work at the mine or for the mine are employees for the purposes of the licence holding customer's regulatory compliance with the MPRDA and the Broad-Based Socio-Economic Empowerment Charter for the South African Mining Industry (Mining Charter). The Mining Charter is implemented by the Department of Mineral Resources (DMR) and requires the licence holding customer to expand opportunities to historically disadvantaged South Africans (HDSAs) through the achievement of a number of targets, such as those relating to the following:
Ownership of mining assets.
Human resource development.
Local economic development and planning for downscaling of operations.
These requirements are also contained in the social and labour plan (SLP) that forms part of the mining right of the Licence Holding Customer.
The SLP must indicate in the human resource development section how the licence holding customer will improve workforce skills by conducting an assessment of each worker's skills and creating a plan for improving these skills. Each SLP is unique. The licence holding customer must oversee skill development for outsourced labour where the outsourced labourer is, in the view of the DMR, a permanent outsourced employee working for a supplier at the mine.
Contractor customers are those entities that provide services to the mine (for example, drilling contractors or contract miners). Contractor customers are entitled to outsource to a supplier. In order to maintain the licence holding customer's compliance with the MPRDA, Mining Charter and the SLP, the contractor customer must be contractually bound to develop the skills of workers at the mine in place of the licence holding customer.
The Competition Act, which is of general application, prohibits:
Restrictive horizontal practices that involve anti-competitive arrangements between competitors.
Restrictive vertical practices that involve anti-competitive arrangements between customers and suppliers.
Outsourcing agreements can give rise to restrictive horizontal practices if, for example, they result in the fixing of prices or market division (through the allocation of customer, suppliers or territories between competitors or potential competitors).
Outsourcing arrangements can result in restrictive vertical practices if they result in a substantial lessening or prevention of competition in the relevant market, or if they contain compulsory minimum resale price maintenance provisions.
There are specific requirements for regulatory notification or approval of outsourcing transactions in the mining sector and also general competition requirements that affect all sectors.
There are no regulatory notification or approval requirements for outsourcing transactions in the mining sector. Customers who are holders of mining rights and prospecting rights granted under the Mineral and Petroleum Resources Development Act 2002 (MPRDA) (licence holding customers) are free to outsource (including outsourcing the function of conducting mining operations) without having to first notify the Department of Mineral Resources or obtain its approval. However, certain requirements apply where a licence holding customer has outsourced labour, and associated downscaling or retrenchment could result in the laying off of 10% or more of the labour force or more than 500 employees, whichever is the lesser, in any 12-month period. In that case, the licence holding customer must give notice of this possible outcome to the Minister of Mineral Resources, after consultation with registered trade unions and affected employees. The MPRDA 2002 entitles the Minister to issue a directive that the licence holding customer must take measures to save jobs. If this is not complied with, the Minister can provide assistance to or apply to a court for judicial management of the mining operation. In practice, the Minister is unlikely to make such a directive.
Any transaction (including an outsourcing arrangement) requires notification to and approval by the South African competition authorities under the Competition Act, where the transaction:
Falls within the jurisdiction of the South African competition authorities. In terms of section 3(1) of the Competition Act, the Competition Act applies to all economic activity within, or taking effect within, South Africa.
Satisfies the definition of a merger set out in section 12(1)(a) of the Competition Act. An outsourcing arrangement that results in the (direct or indirect) acquisition of control over the whole or part of another firm's "business" will be regarded as a "merger". South African case law indicates that assets will comprise a "business" if they enlarge the market share or productive capacity of the acquiring firm, or if they increase concentration in the industry.
Meets the merger thresholds relevant to an intermediate or large merger. Parties to a small merger can implement the merger without approval. However, intermediate and large mergers cannot be implemented without the requisite approval.
Exchange control approval
Where the customer or supplier is an off-shore entity, the South African Exchange Control Regulations apply (promulgated under the Currency and Exchanges Act No. 9 of 1933 (as amended)).
Joint venture (JV)
Typically, JV structures entail the incorporation of a separate legal entity, usually a private company. The customer and supplier will hold equity in the entity, and contribute certain assets, know-how and capital. This is known as an incorporated JV, and the parties' relationship is generally governed by a memorandum of incorporation and a shareholders' agreement.
In very rare circumstances, the parties can use an unincorporated JV, which is not a separate legal entity. The relationship between the parties in relation to unincorporated JVs is typically governed by a JV agreement.
JVs, also known as collaborative outsourcing arrangements, involve risk, resources and knowledge-sharing.
The advantages of using a JV include:
The customer can retain direct control over the services provided by the JV, through exercising voting rights at both a shareholder and board level.
If either one of the parties is a foreign entity entering into a JV with a local entity, the foreign entity has an opportunity to understand the local landscape better, and the local entity is likely to benefit from being affiliated with an international partner.
Each party benefits from resources and knowledge-sharing.
From the supplier's perspective, the risk for rendering the services is usually shared.
The disadvantages include:
The establishment of a JV can be expensive and time-consuming.
From the customer's perspective, the risk for rendering the services is shared.
The JV creates additional administration and legal regulation.
Exiting the JV may be complex and needs to be contractually regulated.
The single supplier structure involves the customer appointing one supplier to provide all the services intended to be outsourced. The relationship between the parties is typically governed by a service level agreement (SLA). One of the key distinctions between a JV and a single supplier arrangement is that the responsibility and risk for rendering the services rests solely on the supplier, as opposed to both the customer and the supplier.
The advantages of this structure are as follows:
From the customer's perspective, if the supplier fails to adequately render the services agreed under the SLA, it can only pursue action against one party, as opposed to multiple parties.
The customer is not required to manage several suppliers, as opposed to the multiple supplier structure.
The key disadvantage from the supplier's perspective is that the supplier is solely responsible for rendering the services. Therefore, should the supplier fail to adequately render the services under the SLA, it must bear all the related costs and damages.
The multiple supplier involves the customer appointing more than one supplier for a portion of the services intended to be outsourced. The customer will conclude various SLAs with multiple suppliers. Typically, to mitigate the disadvantages of this structure (see below), the customer will appoint a third party to manage and co-ordinate the multiple suppliers.
The advantages are:
From the customer's perspective, the customer has the ability to choose suppliers based on their areas of expertise, and therefore the best provider of the required outsourced services.
This structure promotes improvement of services, including service quality, because the various suppliers of the outsourced services compete amongst themselves.
The disadvantages include:
This structure can be more time-consuming and costly in that the customer is required to manage and communicate with multiple suppliers as opposed to one.
The customer can be exposed to some risk in instances where there is a gap in the accountability between the various suppliers.
The procurement process differs in the public and private sectors. The public sector procurement process is regulated, whereas in the private sector each company can develop and implement its own procurement policies.
Request for proposal (RFP)
The complexity of an RFP procurement process depends on the customer's procurement policy and needs. Typically, a customer will only issue an RFP once it has assessed all of its internal requirements and has conducted a need analysis. The duration of the RFP will largely depend on the complexity and size of the transaction.
An RFP is advisable where the scope of the services and cost relating to the provision of the services are certain and identifiable. If this is not the case a customer must first issue a request for information, and only after that issue an RFP. An RFP states the conditions and/or qualification criteria (for example compliance with other requirements under the Broad-Based Black Economic Empowerment Act of 2003) that must be satisfied for a supplier to be eligible to win the contract.
It is further advisable that:
Advisers draft the RFP, although this will depend on the requirements of the customer.
A draft service level agreement (SLA) forms part of the RFP bundle for consideration and comment by the various bidders.
Some advantages of using an RFP process are:
It is more equitable for all parties concerned.
It reduces the time it takes to negotiate the SLA, by attaching a draft to the RFP bundle.
Responses are constructed in a similar manner, making it easier to conduct an analysis.
A due diligence investigation is a process by which the bidders are narrowed down.
Typically, a customer may wish to conduct a due diligence investigation into the "pre-selected" suppliers' businesses to identify and select the supplier that represents the best value.
In many cases, the "pre-selected" suppliers can also be offered the opportunity to conduct a limited due diligence investigation into the customer's business. The purpose of this investigation is to enable each of the suppliers to understand the customer's business and needs, for the purpose of refining their offer. The customer should employ a due diligence team to assist the "pre-selected" suppliers' in their respective investigations. The duration of the due diligence investigation is dictated by the customer.
In the mining sector, customers who are holders of mining rights and prospecting rights granted under the Mineral and Petroleum Resources Development Act 2002 (MPRDA) (Licence Holding Customers) must comply with the requirements in the Broad-Based Socio-Economic Empowerment Charter for the South African Mining Industry (Mining Charter) regarding procurement. These requirements provide that the License Holding Customer must procure from historically disadvantaged South African (HDSA) suppliers:
40% of capital goods.
50% of consumable goods.
70% of services.
The licence holding customer must provide documentary evidence that any HDSA supplier is either an HDSA or a company that is 26% owned by HDSAs in order to make a report of compliance with the Mining Charter. Where there is a lack of HDSA suppliers, licence holding customers must show a procurement progression plan and how it intends to procure from HDSA suppliers in the future.
Licence holding customers are also required under the terms of the Mining Charter to contribute 0.5% procurement value of the annual spend on procurement from multinational suppliers to a social fund. Additionally, the licence holding customer must report on this for the purposes of compliance with the Mining Charter.
Procurement by customers who provide services to mines (contract customers) at the mine will be used to measure the licence holding customer's compliance with its procurement obligations.
Transferring or leasing assets
Formalities for transfer
To transfer immovable property a new title deed must be issued by a deeds registry, under the terms of the Deeds Registries Act 47 of 1937 and a conveyancing process carried out by an admitted conveyancer who must be an attorney.
All sales of land must be in writing and signed by the parties or their authorised agent (Alienation of Land Act No. 68 1981).
Land rights are not licensed but can be leased by agreement between the parties. For long leases (that is, over ten years), the formalities prescribed in the Leases of Land Act No. 18 1969 apply. For these leases to be binding on onerous successors in title to the land (that is, successors who have given value), the lease must be registered against the title deeds of the land in a deeds registry.
IP rights and licences
To validly transfer IP rights (whether copyright, design rights, patent rights or trade marks) from one party to another, the parties must comply with the relevant provisions of the statutes governing each category of rights. The formalities for transfer are as follows:
Copyrights. An assignment of copyright must be in writing, signed by or on behalf of the assignor.
Trade marks. An assignment of a registered trade mark or a trade mark that is the subject of an application for registration must be in writing and signed by or on behalf of the assignor. This assignment of rights must be recorded with the Companies and Intellectual Property Commission (CIPC) and failing to do so within 12 months from the effective date of the assignment can result in the payment of penalties.
Patent. An applicant for a patent or a patentee can in writing assign his rights in an application or patent to any other person. Although the word "may" is used in the Patents Act, the Court of the Commissioner of Patents interpreted the wording to mean that an assignment of a patent must be in writing. Assignment agreements must be recorded with the CIPC to be effective against third parties.
Designs. An applicant for the registration of a design or a registered proprietor can assign his rights in an application or design to any other person, and unless such assignment is in writing it will not be valid. In order to be effective against third parties, assignment agreements must be recorded with the CIPC.
Where the customer and the supplier are based in South Africa, copyright is transferable by assignment (Copyright Act, 98 of 1978). To be effective, an assignment of copyright must be in writing and signed by the assignor.
If any intellectual property right is proposed to be licensed or assigned to an entity that is not a South African exchange control resident, the South African Exchange Control Regulations (promulgated under the Currency and Exchanges Act No. 9 of 1933 (as amended) applies. Regulation 10 (1) provides that no person, except with permission granted by the Treasury and in accordance with such conditions as the Treasury may impose, can enter into any transaction where capital or any right to capital is directly or indirectly exported from South Africa.
The terms "capital" and "exported from the Republic" are defined as follows (Regulation 10(4)):
"Capital" includes, without derogating from the generality of the term, any intellectual property right, whether registered or unregistered.
"Exported from the Republic" includes, without derogating from the generality of the term, the cession of, the creation of a hypothetic or other form of security over, or the assignment or transfer of any intellectual property right, to or in favour of a person who is not resident in the Republic.
The term "intellectual property" is not defined in the Exchange Control Regulations, but it should be clear that intellectual property rights as referred to in the Exchange Control Regulations include patents, copyright, design rights and trade marks. It is probable that the provisions of the Exchange Control Regulations also apply to "know how".
As a result, transactions involving the assignment or licensing of intellectual property rights from a South African exchange control resident to an offshore entity will (with some limited exceptions) require prior approval from the Financial Surveillance Department of the South African Reserve Bank.
Movable property is transferred when the parties conclude a real agreement and when the item is delivered. Delivery can either take place through actual delivery (the movable property is physically handed over to the transferee) or through constructive delivery. In many instances, the parties will conclude a written sale agreement.
The outsourcing of key contracts is governed by common law in South Africa. The general rule is that rights under a contract can be transferred to a third party by means of a transfer agreement known as cession, unless otherwise provided. Duties under a contract can be transferred to a third party through a process called delegation. In most cases, whether transferring contractual rights, contractual duties or both, the consent of the other party to the contract is required.
Data and information
See Question 10.
Formalities for leasing or licensing
See Question 7.
IP rights and licences
An exclusive licence to do an act that is subject to copyright does not have effect unless it is in writing, signed by or on behalf of the licensor (see Question 7, IP rights and licences). No specific requirements are provided for in respect of formalities for trade mark rights related to licence agreements, and the recording of licence agreements with the Companies and Intellectual Property Commission (CIPC) is not a requirement, although it can have certain advantages. No specific requirements are provided for in respect of formalities related to licence agreements for patents and design rights, but licence agreements must be recorded with the CIPC to be effective against third parties. However, in all cases, it is good practice to ensure that licence terms are reduced to writing.
If an intellectual property right is proposed to be licensed to an entity that is not a South African exchange control resident, the prior approval of the Financial Surveillance Department of the South African Reserve Bank can be required. Failure to comply with this requirement can affect the validity of the relevant transaction and amount to an offence under the Exchange Control Regulations.
Generally, movable property can be leased by the parties concluding a written agreement, such as a lease agreement.
See Question 7.
Data and information
See Question 10.
Transfer by operation of law
Section 197 of the Labour Relations Act 66 of 1995 (LRA) regulates the automatic transfer of employees' contracts of employment by operation of law in circumstances where the whole or a part of any business, trade, undertaking or service transfers from one employer to another as a going concern. In determining whether or not section 197 applies to a transaction where specific services are outsourced, a court will have regard to the substance of the outsourcing transaction rather than the form that it takes.
However, it is important to draw a distinction between the outsourcing of a business or part as a going concern, and the provision of an outsourced service. In circumstances where a service has simply been contracted out in such terms that the outsourcee is responsible for making appropriate business infrastructure arrangements (for example, securing staff, letting property, acquiring fixed assets, machinery or implements, computers, computer networks), the cancellation of a contract only means that the outsource will:
No longer provide the service.
Retain all the infrastructure that it had utilised to provide the service to the client.
Whilst the term "going concern" is not defined in the LRA, the Constitutional Court in Aviation Union of South Africa and Another v South African Airways Proprietary Limited and Others  3 BLLR 211 (CC) (Aviation Union case) confirmed its previous finding in regard to the meaning of this term and concluded:
In deciding whether a business has been transferred as a going concern, regard must be had to the substance and not the form of the transaction.
A number of factors will be relevant to the question of whether a transfer of a business as a going concern has occurred, including:
the transfer or otherwise of assets both tangible and intangible;
whether or not workers are taken over by the new employer;
whether customers are transferred; and
whether or not the same business is being carried on by the new employer.
This list of factors is not exhaustive and none of them is decisive individually.
In addition the court confirmed that:
Whether an outsourcing arrangement attracts the application of section 197 is to be determined in the same way as any other possible transfer.
The court will scrutinise the outsourcing transaction in question and the factual circumstances surrounding it, to determine whether, on the applicable test, section 197 is triggered.
If an outsourcing transaction falls within the ambit of section 197, the new employer is automatically, by operation of law, substituted for the old employer for all contracts of employment in existence immediately before the date of the transfer. It is not necessary for the old and the new employer to agree that the employees will be transferred, nor is the consent of the employees required.
Change of supplier
In the Aviation Union case, the Constitutional Court held that there is also no reason, in principle, why section 197 should not apply to second generation outsourcing.
Whether a second generation, or for that matter, any further outsourcing arrangement attracts the application of section 197 is to be determined in the same way as any other possible transfer. Therefore the court will scrutinise the transaction in question and the factual circumstances surrounding it, to determine whether, on the applicable test, section 197 is triggered.
Whether termination (an insourcing arrangement) attracts the application of section 197 is to be determined in the same way as any other possible transfer (see above, Change of supplier).
Data protection and secrecy
Data protection and data security
General requirements. In South Africa, the processing of data is currently regulated by the common law and will also be regulated by the Protection of Personal Information Act No. 4 of 2013 (POPI). Certain provisions of POPI (relating to the appointment of the Information Regulator) came into effect on 11 April 2014. The remaining provisions of POPI, including those regulating the processing and data, will come into effect at a later date to be proclaimed by the President of the Republic of South Africa (it is anticipated that this will be at the end of 2016 or beginning of 2017). POPI will operate in conjunction with the common law right to privacy set out in section 14 of the Constitution.
The common law right to privacy can be infringed by the unauthorised collection and disclosure of data. Any infringement is actionable in delict (equivalent to tort in other jurisdictions), and the onus is on the person infringing a privacy right to prove that the infringement is justified. Generally unreasonable infringement of a person's right to privacy is not justifiable.
POPI imposes obligations for the lawful processing of personal information on the "responsible party". A responsible party is a public or private body or any other person who, alone or in conjunction with others, determines the purpose of and method of processing personal information.
The definition of "personal information" in POPI is very wide and includes:
Information relating to a person's race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth.
Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment of a person.
A person's name (if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person).
"Processing" is also widely defined and includes any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including the:
Collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use.
Dissemination by means of transmission, distribution or making available in any other form.
Merging, linking as well as restriction, degradation, erasure or destruction of information.
Under POPI, the processing of personal information will only be lawful if it is conducted in compliance with the eight conditions of lawful data processing contained in (Chapter 3, POPI):
Accountability. The responsible party must ensure compliance with conditions for lawful processing when personal information is processed.
Processing limitation. To be lawful, the processing must be done in a reasonable manner that does not infringe on the privacy of the person whose information is being collected (data subject). The responsible party must ensure that the personal information processed is adequate, relevant and not excessive in relation to the purpose for which it is processed (more information must not be collected than is necessary for the relevant purpose). POPI provides, among others, that the processing is justified if:
the data subject expressly consents to it;
the processing is necessary to carry out actions for the conclusion or performance of a contract to which that person is a party; or
the processing is necessary for pursuing the legitimate interests of the party collecting the information or a third party to whom the information is supplied.
Purpose specification. Personal information must be collected for a specific, expressly defined and lawful purpose related to the functions and/or activities of the responsible party, and the information can only be retained for as long as it is necessary to meet the purpose for which it was collected.
Further processing limitation. If personal information is processed further, after the initial collection and/or processing, the further processing must be compatible with the original purpose for which it was collected. It may therefore be necessary, prior to collection, to consider any possible future uses of the personal information and to disclose such uses to data subjects when the information is collected.
Information quality. The responsible party has an obligation to ensure that the personal information collected is complete, accurate, not misleading and updated where necessary taking into account the purpose for which the information was collected. Once personal information has been collected, the responsible party has an obligation to ensure that a record of such personal information is not retained for a period longer than what is necessary and reasonable, unless the person whose information is being retained has given their consent to a longer period of retention. As soon as the responsible party is no longer authorised to retain a record of personal information (for example, if retention is no longer necessary for the relevant purpose), the record must be destroyed or deleted as soon as possible, unless the data subject has consented to a longer retention period.
Openness. The responsible party must take all reasonably practicable steps to ensure that the data subject is, among others, aware:
that his personal information is being collected;
of the purpose for the collection of the personal information;
of whether or not it is mandatory to provide the information;
the consequences of any failure to provide the personal information;
details of the responsible party/parties; details of the Information Regulator; and
of what rights the individual has under POPI.
Security safeguards. The responsible party must ensure that all the personal information collected is stored in a manner that protects its confidential nature, and take all reasonable measures to prevent loss of, damage to, or the unauthorised destruction of personal information. The responsible party is therefore under an obligation to secure the integrity and confidentiality of the personal information in its possession or under its control.
Data subject participation. A data subject has a right to request a responsible party to confirm what personal information of the data subject is retained by the responsible party and to confirm who has access to such information, including any third parties to whom the information may be transferred. The data subject also has the right to access his personal information that is retained by the responsible party to ensure that the information is correct and/or to request the responsible party to destroy or delete a record of personal information that the responsible party is no longer authorised to retain.
In terms of section 14(1) POPI, a responsible party can only retain records of personal information for a period longer than what is necessary to achieve the purpose for which the information was collected, among others if the:
Longer retention of the record is required by law.
Data subject consented to the longer retention of the records.
The responsible party requires the record for lawful purposes related to its functions or activities.
The retention of the record is required by a contract between relevant parties.
Once the information can no longer be retained, it must be destroyed, deleted or de-identified.
Consent may be given for the processing of personal information. Consent, which must constitute a voluntary, specific and informed expression of will, may be given verbally, but it is advisable for evidentiary reasons to obtain consent using a consent form and/or similar written document. To comply with POPI, any such consent must set out the reasons why:
The information is collected and/or retained and/or processed (as defined).
The period of time for which the information will be retained.
Any other relevant information in relation to the information collected.
Employment contracts and terms of engagement, concluded between employees and employers respectively, can contain such a consent clause. Should the data subject (employee) not sign the consent form, a responsible person (employer) may nevertheless argue that it is under a legal obligation to collect and/or retain certain information for prescribed periods of time.
Personal information can only be transferred across borders in specific circumstances. It is only permissible for personal information to be transferred abroad if the third party outside South Africa to whom the data is transferred is subject to a law, binding corporate rules or binding agreement that provides an adequate level of protection which is:
Substantially similar to the conditions for lawful processing contained in POPI.
Includes provisions substantially similar to Chapter 9 of POPI to restrict further transfer of the personal information. Alternatively, personal information can be transferred across borders where the data subject consents to the transfer of the information.
Stricter conditions apply when a responsible party processes special personal information. "Special personal information" under POPI includes personal information relating to:
Religious or philosophical beliefs.
Race or ethnic origin.
Trade union membership.
Health or sex life.
Biometric information of a data subject.
Criminal behaviour of a data subject, to the extent that such information relates to:
the alleged commission by a data subject of any offence; and
any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.
Contracts between customers and suppliers can therefore contain contractual obligations placed on each party to guarantee that any processing of personal information will comply with all applicable national, provincial, municipal and other laws, including POPI. A supplier should undertake to ensure that all its technical and organisational systems and operations which it uses to provide the services, including all systems on which data is copied, compiled, collected, collated, processed, mined, stored, transmitted, altered or deleted or otherwise used as part of providing the services, at all times:
Meet the minimum standard required by law.
Do not fall below the standards which are in compliance with the international best practice for protection, control and use of personal data within the relevant industry.
Additional warranties, indemnities and undertakings may need to be included in any contracts with suppliers and customers.
Once POPI is enacted, the responsible party must put security measures in place to ensure that the personal information of data subjects (which includes clients'/employees'/suppliers' data) that is in its possession and under its control is not accessible by unauthorised parties and is kept safe. If a responsible party makes that information available to an "operator" (which is any person who processes personal information for the responsible party in terms of a mandate without coming under the direct authority of the responsible party), the responsible party must ensure that the operator also establishes and maintains the required security measures.
Data protection and secrecy
It is advised to include contractual provisions in the outsourcing agreement in terms of which the supplier will provide all services utilising security technologies and techniques in accordance with information and communications technology industry best practices, and in accordance with the customer's own security policies, procedures and standards. The supplier must also agree to ensure that all its technical and organisational systems by which data is processed as part of providing the services, are at all times of a minimum required by law and do not fall below the standards which are in compliance with the international best practices for the protection of data in the relevant industry.
Mechanisms to ensure compliance
POPI provides for the appointment of the Information Regulator. The Information Regulator will have an oversight function to ensure compliance with the requirements of POPI and to deal with any complaints that may be referred to it by data subjects. Any person can lodge a complaint with the Information Regulator regarding an alleged or actual breach and/or non-compliance with POPI. When a complaint is lodged with the Information Regulator, the Information Regulator may try to secure a settlement between the parties or initiate an investigation.
If the responsible party is found to be in breach of POPI, the Information Regulator may issue an enforcement notice and the data subject or the Information Regulator may sue the responsible party for damages.
Courts in South Africa have jurisdiction to apply and enforce the provisions of POPI, in addition to the power to enforce and adjudicate disputes arising under the common law.
POPI is, to a large extent based on UK and EU data protection laws and directives. Further, POPI refers to international standards as a source of "soft" law (for example, international standards may be considered when interpreting POPI and international standards must be considered when the Information Regulator performs its functions). One of the explicit objectives of POPI is to regulate the processing of personal information in harmony with international standards.
Compliance specifically with UK and EU data protection laws will however be necessary if the responsible party is subject to such additional requirements.
Sanctions for non-compliance
Non-compliance with POPI may lead to a civil action for damages, regardless of whether intent or negligence can be proven on the part of the responsible party (no-fault liability), and to the Information Regulator issuing an enforcement notice. Non-compliance with an enforcement notice issued under POPI (which has not been overturned by a court or the Regulator), or unlawful acts in connection with an account manager, constitutes an offence and may lead to criminal penalties, for example:
A fine not exceeding ZAR10 million.
Imprisonment for a period not exceeding ten years.
Both a fine and imprisonment.
Even if a contravention of POPI is attributable to the actions of an employee, liability will nonetheless remain with the responsible party. However the responsible party may be able to take disciplinary action against any employee who caused the responsible party to breach POPI.
A customer may be liable under POPI if the customer is the data controller/responsible party. Customer's remedies in relation to the processor and sub-processor are therefore limited to contract.
General requirements. As a general common law rule, it is an implied term of the contract between a bank and its customer that the banker is under a duty not to disclose information concerning the customer's affairs. This duty extends to enquiries made by prospective customers and continues after the person ceases to be a customer and derives from legislation, contract and the protection of privacy.
However this duty is not absolute and there are circumstances justifying disclosure. In South African law, the following four qualifications to this duty are recognised:
Where disclosure is under compulsion of the law.
Where there is a duty to the public to disclose.
Where the interests of the bank require disclosure.
Where the disclosure is made with the express or implied consent of the customer.
Section 6.1 of the Code of Banking Practice (Code), a self-regulatory mechanism that sets guidelines relating to the relationship between banks and their personal and small business customers, deals, among other things, with issues of confidentiality. It expressly reiterates the common-law provisions relating to bank secrecy and provides that banks will treat their clients' personal information as private and confidential, and, as a general rule, will not disclose personal information about clients or their accounts even when the client is no longer a customer of the relevant bank, unless done so under recognised circumstances. The Outsourcing Guidance note referred to above relating to the outsourcing of material bank business activities and functions further provides that outsourcing contracts and service level agreements should at a minimum include confidentiality, integrity, privacy and security of information provisions.
There is no explicit common law requirement that security measures be put in place to protect the security of bank data. Nor are there specific security requirements imposed in terms of the Banks Act 94 of 1990 (Banks Act). However, the Outsourcing Guidance specifically addresses concerns related to storing data in clouds located offshore and requires that a comprehensive outsourcing agreement be entered into which, at a minimum, includes provisions concerning confidentiality, integrity, privacy and security of information.
Further, in terms of the Code, where a bank discloses customer information to third party service providers, it must take reasonable steps to satisfy itself that the information will be treated as private and confidential and is adequately safeguarded by the service providers before transferring the information.
Mechanisms to ensure compliance
The Outsourcing Guidance requires that, where a bank outsources functions (which may include the outsourcing of storage and processing of confidential bank information pertaining to consumers), the bank must ensure that it has sufficient and appropriate resources to monitor and manage the outsourcing relationship at all times.
The Banking Supervision Department of the SARB oversees has jurisdiction over all banks (and representative offices) in South Africa and monitors their activities under the Banks Act.
The Banking Supervision Department of the SARB monitors and considers developments on the international regulatory and supervisory fronts in an ongoing effort to promote the integrity and stability of the domestic banking sector.
Sanctions for non-compliance
If the Registrar of Banks (who is under the aegis of the Banking Supervision Department of the SARB) believes on reasonable grounds that a bank or controlling company has contravened or failed to comply with the Banks Act, the Registrar can, after consideration of all material facts, impose a penalty not exceeding ZAR10 million for every day during which contravention or non-compliance with the Banks Act continues.
Confidentiality of customer data
General requirements. All the legal principles set out in POPI and the common law apply mutatis mutandi to "customer data" (which itself also constitutes personal information).
Obligations are also imposed under contract. Contractual provisions may provide exceptions where information may be disclosed, for example, if required by order of a court of law. In this case the receiving party would be required to notify the disclosing party of the disclosure (if allowed under the circumstances).
Security requirements.See above, General requirements.
Mechanisms to ensure compliance. See above, General requirements.
International standards. See above, General requirements.
Sanctions for non-compliance. See above, General requirements.
Service specification and levels
Typically, the service specification and service levels form part of the underlying agreement governing the relationship between the parties, which may either be drawn up jointly or by the customer. However, the service specification, together with the underlying agreement, is usually drawn up by a third party consultant, such as an attorney, with input from each of the parties.
Generally, parties mutually agree on how the supplier's level of performance will be measured and monitored. Usually this entails both quantitative and qualitative performance levels, as well as a positive obligation on the supplier to deliver to the customer a detailed comprehensive report of its performance against each service level.
Typically, a service level agreement (SLA) will include a provision that in the event that the supplier fails to meet the agreed service levels as set out in the SLA, it must pay the customer, a penalty amount, at the customer's election.
To the extent that the SLA includes any penalty provisions for non-performance of services, the Conventional Penalties Act, No 15 of 1962 may apply. Under section 3 of this Act, if on the hearing of a claim for a penalty, it appears to the court that this penalty is out of proportion to the prejudice suffered, the court can reduce the penalty to the extent that it considers equitable in the circumstances. Effectively, this provision creates a loophole in which suppliers can potentially avoid the application of onerous penalty provisions as contained in an SLA.
Flexibility in volumes purchased
The level of flexibility in adjusting volumes is usually dependent on the negotiations between the parties. Typically, a service level agreement (SLA) will be drafted on the basis that the customer commits itself to a fixed volume. The SLA will also include a change control provision entitling the customer either to increase or reduce volume commitments. Where the customer contemplates a reduction in volumes, it is highly recommended that the SLA makes provision for a reduction in the service fee as well.
Charging methods and key terms
Under this method, the customer pays a fixed service fee for the services provided, creating certainty for both the customer and the supplier. This method is typically used when both parties are clear as to the specifications and scope of services to be provided.
Under this method, the customer pays a fixed service fee for the services provided (as with the fixed price model), however, a top up fee may be payable, depending on the supplier's level of performance.
Cost plus pricing
Under this method, the customer agrees to pay the supplier the actual cost of providing the services (such as labour and overhead cost), as well as a fixed percentage of the cost. From a customer perspective, this module may not be preferable, given that the supplier may not be motivated in reducing cost, as this model allows such costs to be passed to the customer.
Under this method, the parties agree on a unit price for the services to be provided. Accordingly, the customer is only obliged to pay an amount relating to the usage of the services.
Performance Based Pricing
Under this method, the customer agrees to pay the supplier on a "sliding-scale" basis based on the supplier's performance. Performance may be linked either to quantitative or qualitative milestones.
Typically a service level agreement (SLA) will make provision for:
The customer to appoint a benchmarker to carry out a benchmarking process, in order to assess the extent to which the customer is receiving the services competitively. This benchmarking exercise will typically also include an evaluation of the services fee payable so as to assess the current service fees.
Audit rights, which allow for the customer to audit the charges levied by the supplier.
Reduction of the service fee in the event that certain services rendered under the SLA are terminated.
Annual price review.
Dispute fees. The SLA may provide that in an event of a dispute relating to the amount of service fees payable, the customer can withhold payment and have the dispute resolved in accordance with the dispute resolution provision. This provision is more favourable to the customer. Alternatively, the SLA may provide that in an event of a dispute as to the amount of service fees payable, the customer is, nonetheless, obliged to pay the service fee, and only, if the dispute is decided in its favour will such amount be refunded. This provision favours the supplier.
Customer remedies and protections
In addition to the protections available under common law, the following additional protections may be included in the contractual documentation:
In the event of non-performance by the supplier, the customer, or a third party acting on its behalf, is entitled to "step-in" the shoes of the supplier and take over the operations, at the supplier's cost. However, in practice, suppliers typically try to negotiate the exclusion of such "step-in rights" due to issues such as data protection. Often the service level agreement will provide certain trigger events in relation to "step-in-rights".
The supplier to obtain the prior written consent of the customer, should it wish to enter into any sub-contracting arrangements.
The supplier's parent company to provide a grantee for the performance of the supplier.
The ability to withhold and/or forfeit the payment of fees.
Warranties and indemnities in favour of the customer.
Reporting and governance.
The right to conduct an audit on the supplier.
A positive obligation on the supplier to have in place a disaster recovery plan so as to ensure continuation of services.
A provision granting the customer the right to appoint a benchmarker to carry out a benchmarking process, to assess the extent to which the customer is receiving the services competitively.
Warranties and indemnities
As with all commercial agreements, the types of warranties and indemnities given will depend on certain factors including the complexity of the arrangement, the nature of services provided, the relationship between the parties, and the outcome of due diligence investigations and negotiations.
For supplier warranties, the supplier will typically warrant to the customer that:
It has the full capacity and authority and has obtained all the necessary approvals to enter into and perform its obligations under the service level agreement (SLA) and to provide the services.
It has complied with all relevant South African legislation and other legal requirements that may apply as a result of the nature of the services, and will continue to comply with such legislation and other legal requirements for the duration of the SLA.
It is experienced in managing and providing services similar to and of the scale and complexity of the services to be provided, and possesses all necessary expertise, tools, equipment and technology to provide the services.
It will notify the customer immediately should it encounter or foresee any circumstances that may prevent it from fulfilling its obligations to the customer under the SLA.
The services will be supplied and rendered by appropriately qualified, trained and experienced personnel.
It will perform the services with reasonable care and skill and in accordance with generally recognised commercial practices and standards.
It will conform with all descriptions and specifications, as set out in the SLA.
For customer warranties: the customer will typically warrant that:
It has the full capacity and authority and has obtained all the necessary approvals to enter into and perform its obligations under the SLA and to provide the services.
It has complied with all relevant South African legislation and other legal requirements that may apply as a result of the nature of the services and will continue to comply with such legislation and other legal requirements for the duration of the SLA.
The supplier will typically grant, in favour of the customer, an indemnity against any loss, expense or damage suffered by the customer, its directors, officers, employees, customers, agents, contractors arising out of or in connection with:
Any breach of the warranties.
Claims by a third party.
Any act or omission of the supplier or its personnel in connection with or resulting from the provision of the services.
A customer would ordinarily only indemnify the supplier against any loss, expense or damage suffered by the supplier, its directors, officers, employees, customers, agents, contractors arising out of or in connection with any breach of the warranties. It is also usual to exclude from the ambit of the indemnity.
Generally, neither national nor provincial law imposes any limitations on fitness for purpose and, quality of service, or similar warranties. However, in certain instances, the Consumer Protection Act No. 68 of 2008 (CPA) may apply. Section 56 of the CPA provides for an implied warranty of quality in respect of goods supplied to a consumer. This implied warranty relates to the purpose, durability and quality of the product.
There are a wide variety of insurance types available from reputable and established insurers, including:
Liability insurance (including employee liability).
Property damage insurance.
Public liability insurance.
Professional indemnity insurance.
Business interruption insurance.
Cyber liability insurance.
Income protection insurance.
Directors and officers insurance.
Term and notice period
The length of a notice period under an outsourcing arrangement is not prescribed by national or provincial law. Accordingly, the parties are free to agree the length of a notice period and the circumstances in which the agreement can be terminated, as they deem fit. Standard notice periods vary from one to three months, depending on the ground giving rise to the particular termination, the termination and termination consequences.
Termination and termination consequences
Events justifying termination
The contracting agreement can include a provision that in the event that either party commits a material breach, the other party will be entitled to immediately terminate the agreement. It is highly recommended that the contracting agreement clearly stipulates what constitutes a material breach.
The contracting agreement can include a provision that where either party commits one of the following acts, the other party will be entitled to immediately terminate the agreement:
An act that would be an act of insolvency as defined in the Insolvency Act 1936 as amended or replaced from time to time, if committed by a natural person.
Effects or attempts to effect a compromise or composition with its creditors.
Takes steps to place itself or is placed in liquidation, or is placed under business rescue, whether provisionally or finally.
Termination for convenience
The contracting agreement may include a provision entitling either the customer or both parties from terminating the agreement for convenience, by giving the other party reasonable notice of the termination. In most instances, a provision of this nature can only be enforceable after a certain period has lapsed since the contracting period came into force and effect, usually 12 months from the effective date.
The contracting agreement may also include the following:
A provision, that in the event of a change of control in respect of either party, the other party may terminate the agreement by written notice.
A provision that if a party cannot perform its obligations or if performance is delayed by a force majeure event for more than a certain period, such as 20 consecutive calendar days in any 365 days period, then on expiry of this period, the other party can terminate the agreement by written notice.
IP rights and know-how post-termination
The licensing of intellectual property rights both during and after the outsourcing relationship must be determined by way of agreement between the parties and there are no automatically included implied rights to continue using any intellectual property rights post-termination. However the facts related to the consequences of termination may suggest that limited implied rights must exist, such as, for example, for the supplier to perform obligations related to the transfer and retention of records, but it is advisable to regulate such rights explicitly by way of a written agreement.
Liability, exclusions and caps
It is common in outsourcing arrangements for the supplier to negotiate the exclusion of its liability for consequential and indirect losses, as well as loss of business, profit and revenue.
Further, under common law, a supplier could and still can exclude any liability in relation to defects by agreement. It is important to be mindful when drafting such exclusion of liability provisions, to include clear and specific language regarding the extent of coverage of the exclusion.
However, each producer, importer, distributor or retailer of a particular product is strictly liable for any harm caused where that product (section 61, Consumer Protection Act No. 68 of 2008):
Has a product failure, defect or hazard.
Is provided with inadequate instructions or warnings in relation to any hazard arising from or associated with the use of the product.
Parties are free to cap their liability. In terms of commercial practice, the liability is usually capped at the contract value. However, in certain circumstances, the parties can agree to different cap thresholds depending on the claim, although the threshold is unlikely to exceed the contract value.
It is also common practice for the contract agreement to provide that any limitation or cap on liability will not be applicable to any liability emanating from wilful misconduct or fraud or a breach of the provisions of dealing with anti-corruption.
The main methods of dispute resolution are mediation, arbitration and litigation.
It is common for agreements to contain cascading dispute resolution provisions. The initial attempt to resolve the dispute is often by way of a meeting between senior management of the parties. If this is unsuccessful, the dispute moves to mediation before an accredited mediator (under, for instance, the UNCITRAL model rules). If mediation is unsuccessful, the matter moves to arbitration, or litigation.
The most regularly utilised alternative dispute resolution (ADR) forum in South Africa is The Arbitration Foundation of South Africa (AFSA). It is a well-established arbitration forum with a panel of excellent arbitrators, the majority of whom are Senior Counsel or retired Judges of the High Court or Supreme Court of Appeal. The fees payable to AFSA for administering the arbitration are reasonable.
In terms of the AFSA rules, it is possible to agree to an expedited arbitration in the arbitration clause contained in the main agreement. The arbitrator in any event has wide powers to determine the pace of the arbitration and to hear urgent matters expeditiously.
If the parties have not agreed to an arbitration process in the main agreement, disputes are resolved through the High Court having jurisdiction, and if the matter is appealed, the Supreme Court of Appeal will decide the issue. The courts are not time efficient forums in which to resolve disputes as there are significant delays in obtaining dates for hearings, particularly in trial matters.
The exception to this is where there is a genuinely urgent issue to be decided, most regularly arising in the context of exit services and transition from one vendor to another, that may then be brought as an urgent application to the High Court. The relief sought is interdictory or peremptory in nature, either prohibiting one party from particular conduct or compelling a party to perform certain obligations. The degree of urgency is dictated by the facts and the complexity of the matter and can be heard as quickly as a matter of days or a few weeks.
So, for example, should a party breach the agreement and refuse to provide exit services, the aggrieved party may apply to court for an order that the breaching party be compelled to provide such services. The aggrieved party will have to show that its rights in terms of the agreement have been unlawfully breached, that it will suffer irreparable harm if the breach continues, and that there is no alternative remedy available to it.
Note, however, that even where the main agreement contains an arbitration clause, the jurisdiction of the High Court to hear urgent applications is not ousted.
Transfers of assets to the supplier
Transfer of assets to the supplier will either give rise to an income tax or capital gains tax event in the hands of the customer, depending on the nature of the assets transferred, for instance, whether the assets are revenue or capital in nature. Where the assets constitute revenue, the customer will be taxed at a rate of 28% on any net profit received on transfer of the assets and where the assets are capital in nature, the South African customer will be taxed at an effective rate of 18.68% on any capital gain arising on transfer of the assets.
Transfers of employees to the supplier
There will be no tax implications on the transfer of the employees. It will, however, need to be considered which entity will have the employees' withholding tax obligation.
VAT or sales tax
Both the transfer of assets and the transfer of employees would have VAT implications, if the transferor is a VAT vendor. More specifically, if the transferor supplies assets as part of its VAT enterprise, then the supply would attract VAT at the rate of 14%.
In the case of a supplier transferring employees to work on a specific project (and assuming that the recipient of the services pays the salaries of the employees, directly or indirectly), VAT would be levied at the rate of 14% on the salary costs as it would comprise the consideration for the supply of services provided by the supplier to the recipient.
Generally speaking, VAT would be levied at the rate of 14% on outsourcing services rendered depending on the VAT status of the supplier of such services.
If the supplier provides services to a customer in South Africa, no service tax will be levied.
If the supplier provides services to a customer in another jurisdiction, there may be withholding tax on the service fees. Section 51B of the Income Tax Act, 58 of 1962 (Income Tax Act) levies a final withholding tax on service fees calculated at the rate of 15% of the amount of any service fee that is paid by any to or for the benefit of any foreign person to the extent that an amount is regarded as having been received by or accrued to that person from a source within South Africa. "Service fees" is defined as any amount that is received or accrues in respect of technical services, managerial services and consultancy services, but does not include:
Services incidental to the imparting of or the undertaking to impart any scientific, technical, industrial or commercial knowledge or information.
The rendering of or the undertaking to render any assistance or service in connection with the application or utilisation of such knowledge or information.
Any amount received by or accrued to a supplier by virtue of the outsourcing arrangement, which constitutes "gross income" in terms of the Income Tax Act, will be taxed at a rate of 28%. The above will not be applicable where the supplier is not a South African tax resident.
Other tax issues
Andrew Bembridge, Director
Professional qualifications. Admitted as an attorney, conveyancer and notary public of the High Court of South Africa
Areas of practice. Property and real estate.
Non-professional qualifications. BCom, University of KwaZulu-Natal; LLB, University of Cape Town; HDip Tax, University of the Witwatersrand
Arnaaz Camay, Executive
Areas of practice. Tax.
Non-professional qualifications. BAcc ,University of the Witwatersrand, CA (SA); Higher Diploma in Tax, University of the Witwatersrand; Higher Diploma in International Tax, University of Johannesburg; MCom (Tax) (cum laude), University of the Witwatersrand
Justin Balkin, Director
Professional qualifications. Admitted as an attorney of the High Court of South Africa
Areas of practice. Competition.
Non-professional qualifications. BCom, University of the Witwatersrand; LLB, University of the Witwatersrand
Otsile Matlou, Director
Professional qualifications. Admitted as an attorney of the High Court of South Africa
Areas of practice. Mining.
Non-professional qualifications. BA, University of the Witwatersrand; LLB, University of the Witwatersrand; Higher Diploma in Tax, University of the Witwatersrand; Certificate in Advanced Company Law I and II, University of the Witwatersrand
Pippa Reyburn, Director
Professional qualifications. Admitted as an attorney and conveyancer of the High Court of South Africa
Areas of practice. Corporate and commercial.
Non-professional qualifications. BA, University of Cape Town; LLB (cum laude), University of Cape Town; LLM in Constitutional Law, University of Toronto
Ridwaan Boda, Director
Professional qualifications. Admitted as an attorney of the High Court of South Africa
Areas of practice. Technology, media and telecommunications.
Non-professional qualifications. BCom, University of the Witwatersrand; LLB, University of the Witwatersrand; LLM, University of South Africa
Ross Alcock, Director
Professional qualifications. Admitted as an attorney of the High Court of South Africa Unmapped style, please fix source document
Areas of practice. Employment.
Non-professional qualifications. BProc , University of the Witwatersrand; LLB, University of South Africa
Sanjay Kassen, Director
Professional qualifications. Admitted as an attorney of the High Court of South Africa
Areas of practice. Corporate and commercial.
Non-professional qualifications. BA, University of Cape Town; LLB, University of Cape Town
Sue Hayes, Director
Professional qualifications. Admitted as an attorney of the High Court of South Africa
Areas of practice. Dispute resolution.
Non-professional qualifications. BA, University of the Witwatersrand; LLB, University of the Witwatersrand
Waldo Steyn, Director
Professional qualifications. Admitted as an attorney of the High Court of South Africa
Areas of practice. Intellectual property.
Non-professional qualifications. BA Law, University of Stellenbosch; LLB, University of Stellenbosch; LLM, University of Stellenbosch; MBA, University of Wollongong in Dubai