Recent data protection regulatory frameworks, such as the Protection of Personal Information Act (POPI Act) in South Africa and the General Data Protection Regulation (GDPR) in the European Union, impose governance requirements for research involving high-risk and vulnerable groups such as children and adolescents. Our paper's objective is to unpack what constitutes adequate safeguards to protect the personal information of vulnerable populations such as children and adolescents. We suggest strategies to adhere meaningfully to the principal aims of data protection regulations. Navigating this within established research projects raises questions about how to interpret regulatory frameworks to build on existing mechanisms already used by researchers. Therefore, we will explore a series of best practices in safeguarding the personal information of children, adolescents and young people (0-24 years old), who represent more than half of sub-Saharan Africa's population. We discuss the actions taken by the research group to ensure regulations such as GDPR and POPIA effectively build on existing data protection mechanisms for research projects at all stages, focusing on promoting regulatory alignment throughout the data lifecycle. Our goal is to stimulate a broader conversation on improving the protection of sensitive personal information of children, adolescents and young people in sub-Saharan Africa. We join this discussion as a research group generating evidence influencing social and health policy and programming for young people in sub-Saharan Africa. Our contribution draws on our work adhering to multiple transnational governance frameworks imposed by national legislation, such as data protection regulations, funders, and academic institutions
