The Cyberspace Administration of China has published Draft Administrative Measures on Evaluating the Security of Transmitting Personal Information Overseas.

Key requirements:

  • Contracts between the data exporter and the data importer(s) that must include all the certain specified clauses.
  • Internal review by the data exporter following Article 17 of the 2019 Draft Measures and a declaration

“The loss of privacy often seems like no big deal, a small price to pay for the convenience of the digital world. This is an all-too-common misunderstanding that can have grave consequences, as privacy invasions are often invisible, harms frequently only happen in the future, and they always affect some people more than others.”

“In

“Organisations in Singapore are now expected to take no more than 30 days to complete an investigation into a suspected data security breach and notify the authorities of the incident 72 hours after completing their assessment. These are part of new guidelines to help companies manage data breaches more effectively and are expected to be

The “Data Protection Trustmark Certification” (DPTM), promulgated by the Singapore Infocomm Media Development Authority (IMDA) is a voluntary enterprise-wide certification for organizations to demonstrate sound and accountable data protection practices.

DPTM assessment can only be conducted by an IMDA appointed panel of assessment bodies. The certification will be valid for three years and will need

Thailand’s Parliament passed the Personal Data Protection Act, a bill created to offer citizens similar protections to the EU General Data Protection Regulation.

The data protection law, effective after a one-year transition period, will apply not only to companies located in Thailand, but also overseas companies which collect, use, or disclose personal data of subjects

Several initiatives signal big changes for the regulation of privacy in China in 2019 reports the International Association of Privacy Professionals (IAPP).

  • End of bundled consent: Controllers are required to provide a privacy notice in intelligible, clear and concise wording and to obtain freely given consent from data subjects. The bundled consent, or “take-it-or-leave-it”

Local data protection representative – the South Korea version.

“South Korea updated its Act on the Promotion of IT Network Use and Information Protection (Network Act) in December 2018. Starting March 19, the law will require digital communications providers who deal with South Korean data but who have no physical presence in the country to

To better position themselves for foreign trade, on the heels of the EU General Data Protection Regulation (GDPR), many countries in the Asia Pacific are tweaking, implementing or developing their own privacy laws.

  • Japan – was recently granted an adequacy status by the EU for its privacy protection regime.
  • South Korea – is still in

China is in the early stages of setting up a data protection regulatory framework with rules for consent; personal data collection, use and sharing; and user-requested deletion of data.

The intention is to build a Chinese data protection regime that is uniquely suited to China: one that builds consumer trust in a thriving digital economy

Japan is the latest country to be recognized by the European Union as providing adequate protection to data. The decision is one of mutual adequacy and creates the world’s largest area of safe data flows.

Per European commissioner Vera Jourova: “Europeans’ data will benefit from high privacy standards when their data is transferred to Japan.