First and foremost, it is a legal requirement to disclose what information from Clients you will be processing, why and how. This is a fundamental requirement in many data protection laws such as the Protection of Personal Information Act (the full Act is not yet in force) (hereinafter referred to as “POPI”).
There is also the European Union’s General Data Protection (hereinafter referred to as “GDPR”). The GDPR protects the privacy and personal information of residents in the EU. If you process the personal information in South Africa of an individual who is resident in the EU, then you will have to comply with the GDPR.