Name

Francis Cronj www.franciscronje.com www.cyberlawsa.co.za http://za.linkedin.com/pub/francis-cronje-cipp-cipp-it/0/49a/283

Qualifications

BLC (Pretoria, South Africa) LLB (Pretoria, South Africa) LLM (ICT Law and Data Protection) (Oslo, Norway) CIPP (IAPP)(USA) CIPP/IT (IAPP)(USA)

Job Title

Founder at franciscronje.com specializing in Information Governance, ICT Law and Privacy. Francis has 14 years of industry and consulting experience across a broad range of engagements and industries. He was a Specialist Legal Consultant on Data Protection and IT Advisory at KPMG South Africa, where he headed up Data Protection as a service line to clients. Prior to this he inter alia worked at Business Connexion, co-founded Buys Inc. and later headed up new business development at Michalsons before leaving for Europe. Francis specialisation is in ICT and Privacy Law and he has vast experience in Privacy Impact Assessments as well as Data Protection Gap Analysis which include assessments of Third Parties. Francis is the co-author and co-editor of the textbook Cyberlaw@SA second edition. The first book to address the ECT Act, PAIA and RICA. He has presented at numerous seminars locally and internationally on matters ranging from ICT Law to Data Protection and IT Asset Management. Francis was a part time lecturer at the Universities of the Western Cape (UWC) and Cape Town (UCT) and also lectured at the Universities of the Witwatersrand (UW) and Pretoria (UP). He has published several articles on Data Protection and ICT Law in the local and international media. His most recent article on Data Protection was published in the International Journal of Digital Forensics, Security and Law. Francis is an Adjudicator and Appeal Panelist for the Wireless Application Service Providers and Internet Service Providers Associations of South Africa and an Executive member of the IT Association of South Africa. Francis is also part of the South African Bureau Of Standards (SABS) privacy working group and submitted comments on its behalf to the International Standards Organization (ISO) for its proposed ISO 29100 standard on data protection. He forms part of the Technical Working Committee in Parliament that deals with the Protection of Personal Information Bill. Francis is a Data Assessor for the Direct Marketing Association of South Africa, and is admitted as an Advocate to the High Court of South Africa.

Background and Experience

Francis key engagements include: Data Protection Gap Analysis for a major bank: Francis was responsible for conducting a gap analysis of the banks data protection compliance across all business units and an assessment of its third parties. The reviews were performed in accordance with International Standards, EU Directives, SA Legislation and pending SA Legislation. As well as conducting the reviews, Francis was responsible for reporting and communicating progress to the bank and setting up reports on risks identified. Data Protection Gap Analysis for SAs biggest retailer. Data Protection Remediation for a major bank: Francis was responsible

for consulting the bank on its remediation of Data Protection and fulfilling the role of a Privacy Officer. This role included, project managing POPI, the drafting of various Information and Data Security policies, Detailed Data Protection guidelines as well as Incident Handling Processes. Data Protection Remediation and ICT compliance for SAs biggest retailer: Francis was responsible for creating and setting up of a Data Governance Office within the company and accomplishing corporate governance in terms of King III and privacy by implementing and driving the rd POPI Project. This also involved the review and re-drafting of all 3 party agreements related to the retailers IT operations and co-ordinating the outcome with legal and compliance. Francis also served on the Risk Committee and regularly reported on the impact of POPI from a risk perspective and mitigation solutions. Legal Advice on Third Party agreements between a major bank and telecommunications provider: Francis role was to assess legalities that could put the bank at risk from an information security perspective and to project steer both parties away from possible risk. Legal Advice on WAN for major bank R 2.5 Billion contract: Francis role was to provide an opinion on all legislation relating to the WAN environment. Legal Advice to Government on IT Security: Francis role was to address all legislation pertaining to IT Security within government. IP due diligence of listed UK company: Francis responsibilities were to determine and project manage the IP governance of the companys IT subsidiary in SA. Legal Advice to Para-statal on IT Regulatory Universe: Francis role was to address all legislation pertaining to IT Security within the Para-statal and to compose relevant documentation addressing same, as part of a project that focused on Information Governance.

Sector Francis has worked in both the private and public sector and enjoys the challenges of experience both environments. and key skills His key skills are in Information Governance, Compliance, ICT and Data Protection Law.