Following the passing of the long-awaited Personal Data Protection Law (“PDPL”) in Indonesia, on 31 August 2023, the Ministry of Communications and Information Technology published the draft government regulation (“Draft Regulation”) on the implementation of the PDPL for public consultation. The public consultation will close on 14 September 2023. The Draft

Continue Reading Indonesia: prepare now for the new Personal Data Protection Law

Dear subscriber, 

Thank you for subscribing and being a part of DLA Piper’s Data Protection, Privacy and Cybersecurity community. We appreciate your continued engagement with our insights and the evolving nature of the landscape.

Our goal for this blog is to help you navigate all aspects of data protection, privacy, and cybersecurity laws, while considering

Continue Reading We’re now seamlessly global. Here’s what to expect. 

Authors: Eilis McDonald; Marcus Walsh; John Magee; Gavin Woods; David Cook; Andreas Rüdiger

The Irish Circuit Court has recently delivered an important judgment on non-material damages for infringement of the GDPR.  The judgment also establishes a list of factors for the courts to consider when assessing non-material damages.

This judgment comes in the context of

Continue Reading Ireland: Non-material damages under GDPR – Irish law developments and the international approach

Authors: Carolyn Bigg, Gwyneth To and Rachel De Souza

Start preparing now to comply with India’s new data protection law. While there are similarities with EU/UK GDPR – and sufficient harmonisation with data protection laws across APAC to continue a regional data compliance in Asia – the practicalities of implementation and compliance should not be

Continue Reading India: New Digital Personal Data Protection Act, Start Planning Now.

Helpful guidance on some previously uncertain areas of China data protection compliance programmes have been provided by the Administrative Measures for Personal Information Protection Compliance Audit (Draft for Comment) (“Draft Measures”), which were published for public consultation on 3 August 2023 by the Cyberspace Administration of China (“CAC”).

The Draft Measures

Continue Reading CHINA: uncertainties helpfully clarified on various key data compliance activities

To add to the compliance burden, new mandatory, periodic and detailed data protection compliance audits have now been proposed in China, with measures beyond the usual governance/compliance audit compliance steps expected under other data protection frameworks, and a duty to report the audit results to the China data authorities.

On 3 August 2023, the Cyberspace

Continue Reading CHINA: new mandatory data protection compliance audits proposed

Authors: Carolyn Bigg and Amanda Ge

Businesses who must follow the China SCCs route to legitimize their cross-border transfers of personal data must file their signed China SCCs together with the supporting personal information impact assessment (“PIIA”) report with their local CAC branch by no later than 30 November 2023. This requires significant effort, and

Continue Reading CHINA: only 100 days to file SCCs for cross-border data transfers –  practical tips and insights

Authors: Carolyn Bigg, Amanda Ge and Venus Cheung

On July 24, 2023, the People’s Bank of China (“PBOC”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“Draft Measures”) for public consultation, which closes on August 24, 2023.

The Draft

Continue Reading CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

Authors: Carolyn BiggLauren Hurcombe and Yue Lin Lee.

On 18 July 2023, Singapore’s Personal Data Protection Commission (“PDPC”) issued for public consultation a set of proposed guidelines for the use of personal data in AI recommendation and decision systems (“Proposed Guidelines”). The public consultation is open until 31 August

Continue Reading SINGAPORE: Proposed Guidelines on Use of Personal Data in AI Systems