The Singapore Personal Data Protection Commission has issued guidance on privacy disclosures:

  • Highlight information that may be of particular concern to individuals, such as purposes of use or situations where personal data will be disclosed.
  • Use headings, titles and sections especially when the notification is expected to convey a lot of information.
  • Use a layered

Click to accept – not always good enough, says the New Zealand Privacy Commissioner.

Companies need to be fully transparent about their data processing practices and take steps to ensure that this is conveyed to the individuals.

In the case of a “clicked consent,” the Commissioner will also check:

  • Why the company believes that click

The Cyberspace Administration of China has published Draft Administrative Measures on Evaluating the Security of Transmitting Personal Information Overseas.

Key requirements:

  • Contracts between the data exporter and the data importer(s) that must include all the certain specified clauses.
  • Internal review by the data exporter following Article 17 of the 2019 Draft Measures and a declaration

“The loss of privacy often seems like no big deal, a small price to pay for the convenience of the digital world. This is an all-too-common misunderstanding that can have grave consequences, as privacy invasions are often invisible, harms frequently only happen in the future, and they always affect some people more than others.”

“In

“Organisations in Singapore are now expected to take no more than 30 days to complete an investigation into a suspected data security breach and notify the authorities of the incident 72 hours after completing their assessment. These are part of new guidelines to help companies manage data breaches more effectively and are expected to be

The “Data Protection Trustmark Certification” (DPTM), promulgated by the Singapore Infocomm Media Development Authority (IMDA) is a voluntary enterprise-wide certification for organizations to demonstrate sound and accountable data protection practices.

DPTM assessment can only be conducted by an IMDA appointed panel of assessment bodies. The certification will be valid for three years and will need

Thailand’s Parliament passed the Personal Data Protection Act, a bill created to offer citizens similar protections to the EU General Data Protection Regulation.

The data protection law, effective after a one-year transition period, will apply not only to companies located in Thailand, but also overseas companies which collect, use, or disclose personal data of subjects

Several initiatives signal big changes for the regulation of privacy in China in 2019 reports the International Association of Privacy Professionals (IAPP).

  • End of bundled consent: Controllers are required to provide a privacy notice in intelligible, clear and concise wording and to obtain freely given consent from data subjects. The bundled consent, or “take-it-or-leave-it”

Local data protection representative – the South Korea version.

“South Korea updated its Act on the Promotion of IT Network Use and Information Protection (Network Act) in December 2018. Starting March 19, the law will require digital communications providers who deal with South Korean data but who have no physical presence in the country to

To better position themselves for foreign trade, on the heels of the EU General Data Protection Regulation (GDPR), many countries in the Asia Pacific are tweaking, implementing or developing their own privacy laws.

  • Japan – was recently granted an adequacy status by the EU for its privacy protection regime.
  • South Korea – is still in