This document provides an overview of privacy and data protection laws that organizations must comply with. It notes that boards have a duty under King III to ensure compliance with relevant IT laws. All organizations should be aware of applicable privacy laws and ensure training programs cover these laws. Key roles like the CIO, CRO, and legal teams need awareness of privacy obligations. The document lists some relevant South African laws and provides contact information for an ICT lawyer who can help organizations understand how to apply these laws.