Though said to be a replica of GDPR, the Indian Personal Data Protection Bill (PDPB) is actually quite different, writes Sandeep Sangwan of the International Association of Privacy Professionals, and this can cause issues for multinationals or Indian “data fiduciaries” who are also subject to GDPR.

Per Sangwan, the lack of the legal basis “necessary

“Regulators ordered China’s app developers and third-party service providers to halt illegal collection and use of personal data in a sweep targeting some of the country’s largest apps,” reports TechNode.com.

“The latest crackdown signals the government’s determination to clean up unauthorized data collection from any and every company violating data privacy laws, particularly bigger players.”

“Companies will need permission to collect the data of citizens in Thailand under the nation’s first privacy law, even if they don’t have a physical presence in the country”, reports Bloomberg Law.

“The Personal Data Protection Act will require businesses to obtain individuals’ consent before collecting their data and let them retroactively revoke consent for

The Singapore Personal Data Protection Commission has issued guidance on privacy disclosures:

  • Highlight information that may be of particular concern to individuals, such as purposes of use or situations where personal data will be disclosed.
  • Use headings, titles and sections especially when the notification is expected to convey a lot of information.
  • Use a layered

Click to accept – not always good enough, says the New Zealand Privacy Commissioner.

Companies need to be fully transparent about their data processing practices and take steps to ensure that this is conveyed to the individuals.

In the case of a “clicked consent,” the Commissioner will also check:

  • Why the company believes that click

The Cyberspace Administration of China has published Draft Administrative Measures on Evaluating the Security of Transmitting Personal Information Overseas.

Key requirements:

  • Contracts between the data exporter and the data importer(s) that must include all the certain specified clauses.
  • Internal review by the data exporter following Article 17 of the 2019 Draft Measures and a declaration

“The loss of privacy often seems like no big deal, a small price to pay for the convenience of the digital world. This is an all-too-common misunderstanding that can have grave consequences, as privacy invasions are often invisible, harms frequently only happen in the future, and they always affect some people more than others.”

“In

“Organisations in Singapore are now expected to take no more than 30 days to complete an investigation into a suspected data security breach and notify the authorities of the incident 72 hours after completing their assessment. These are part of new guidelines to help companies manage data breaches more effectively and are expected to be

The “Data Protection Trustmark Certification” (DPTM), promulgated by the Singapore Infocomm Media Development Authority (IMDA) is a voluntary enterprise-wide certification for organizations to demonstrate sound and accountable data protection practices.

DPTM assessment can only be conducted by an IMDA appointed panel of assessment bodies. The certification will be valid for three years and will need

Thailand’s Parliament passed the Personal Data Protection Act, a bill created to offer citizens similar protections to the EU General Data Protection Regulation.

The data protection law, effective after a one-year transition period, will apply not only to companies located in Thailand, but also overseas companies which collect, use, or disclose personal data of subjects