In our highly connected world, technology and data have become increasingly material to most companies, regardless of industry or sector.
Continue Reading US: New SEC Cyber Rules — A Deep Dive into Cybersecurity Processes to Support Accurate and Complete Disclosures
UK: EU-UK Data Privacy Framework Extension
UK Extension
Following the European Commission’s adequacy decision for the EU-US Data Privacy Framework (DPF) (for further information see here), the UK Government has announced that from 12 October 2023, organisations in the UK can transfer personal data to US organisations certified to the “UK Extension to the EU-US Data Privacy Framework”
Continue Reading UK: EU-UK Data Privacy Framework Extension
Indonesia: prepare now for the new Personal Data Protection Law
Following the passing of the long-awaited Personal Data Protection Law (“PDPL”) in Indonesia, on 31 August 2023, the Ministry of Communications and Information Technology published the draft government regulation (“Draft Regulation”) on the implementation of the PDPL for public consultation. The public consultation will close on 14 September 2023. The Draft
Continue Reading Indonesia: prepare now for the new Personal Data Protection LawWe’re now seamlessly global. Here’s what to expect.
Dear subscriber,
Thank you for subscribing and being a part of DLA Piper’s Data Protection, Privacy and Cybersecurity community. We appreciate your continued engagement with our insights and the evolving nature of the landscape.
Our goal for this blog is to help you navigate all aspects of data protection, privacy, and cybersecurity laws, while considering
Continue Reading We’re now seamlessly global. Here’s what to expect.Ireland: Non-material damages under GDPR – Irish law developments and the international approach
Authors: Eilis McDonald; Marcus Walsh; John Magee; Gavin Woods; David Cook; Andreas Rüdiger
The Irish Circuit Court has recently delivered an important judgment on non-material damages for infringement of the GDPR. The judgment also establishes a list of factors for the courts to consider when assessing non-material damages.
This judgment comes in the context of
Continue Reading Ireland: Non-material damages under GDPR – Irish law developments and the international approachIndia: New Digital Personal Data Protection Act, Start Planning Now.
Authors: Carolyn Bigg, Gwyneth To and Rachel De Souza
Start preparing now to comply with India’s new data protection law. While there are similarities with EU/UK GDPR – and sufficient harmonisation with data protection laws across APAC to continue a regional data compliance in Asia – the practicalities of implementation and compliance should not be
Continue Reading India: New Digital Personal Data Protection Act, Start Planning Now.CHINA: uncertainties helpfully clarified on various key data compliance activities
Helpful guidance on some previously uncertain areas of China data protection compliance programmes have been provided by the Administrative Measures for Personal Information Protection Compliance Audit (Draft for Comment) (“Draft Measures”), which were published for public consultation on 3 August 2023 by the Cyberspace Administration of China (“CAC”).
The Draft Measures
Continue Reading CHINA: uncertainties helpfully clarified on various key data compliance activitiesCHINA: new mandatory data protection compliance audits proposed
To add to the compliance burden, new mandatory, periodic and detailed data protection compliance audits have now been proposed in China, with measures beyond the usual governance/compliance audit compliance steps expected under other data protection frameworks, and a duty to report the audit results to the China data authorities.
On 3 August 2023, the Cyberspace
Continue Reading CHINA: new mandatory data protection compliance audits proposedCHINA: only 100 days to file SCCs for cross-border data transfers – practical tips and insights
Authors: Carolyn Bigg and Amanda Ge
Businesses who must follow the China SCCs route to legitimize their cross-border transfers of personal data must file their signed China SCCs together with the supporting personal information impact assessment (“PIIA”) report with their local CAC branch by no later than 30 November 2023. This requires significant effort, and
Continue Reading CHINA: only 100 days to file SCCs for cross-border data transfers – practical tips and insightsCHINA: New draft proposes more stringent requirements for processing data in the financial services industry
Authors: Carolyn Bigg, Amanda Ge and Venus Cheung
On July 24, 2023, the People’s Bank of China (“PBOC”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“Draft Measures”) for public consultation, which closes on August 24, 2023.
The Draft
Continue Reading CHINA: New draft proposes more stringent requirements for processing data in the financial services industrySINGAPORE: Proposed Guidelines on Use of Personal Data in AI Systems
Authors: Carolyn Bigg, Lauren Hurcombe and Yue Lin Lee.
On 18 July 2023, Singapore’s Personal Data Protection Commission (“PDPC”) issued for public consultation a set of proposed guidelines for the use of personal data in AI recommendation and decision systems (“Proposed Guidelines”). The public consultation is open until 31 August
Continue Reading SINGAPORE: Proposed Guidelines on Use of Personal Data in AI Systems