It’s the turn of South-East Asian countries to update their data protection laws. Here is our summary of the proposed new data protection laws in Vietnam, Malaysia and Indonesia. Organisations are advised to update their data protection compliance programmes as soon as possible to reflect these developments.

Vietnam

Vietnam issued its first draft of a

Continue Reading VIETNAM, MALAYSIA AND INDONESIA: what you need to know about the new SE Asia data protection laws

Additional and clarified data compliance obligations will soon come into force under the long-awaited Network Data Security Management Regulation (“Regulation“), which was released on 30 September 2024. The Regulation is formulated under the existing data protection framework pillars of the Cyber Security Law, the Data Security Law and the Personal Information Protection Law

Continue Reading CHINA: Enhanced and clarified data compliance obligations on handlers of “network data”, covering personal information and important data, and operators of online platforms from 1 January 2025

We previously wrote about proposed changes to the definition of sensitive personal information under a June 2024 draft of the Guide for Sensitive Personal Information Identification (“Guide“). The Guide has now (September 2024) been finalized and issued by the National Information Security Standardization Technical Committee (TC260). Helpfully, it gives organisations greater scope to

Continue Reading China: New definition and guidelines on Sensitive Personal Information now finalised

Hong Kong is following other jurisdictions, including Mainland China, Singapore and the UK, in proposing to enhance cybersecurity obligations on IT systems of those operating critical infrastructure (“CI“). While the proposed new law, tentatively entitled the Protection of Critical Infrastructure (Computer System) Bill (the“proposed legislation”), is still at an early stage

Continue Reading Hong Kong: A Practical Guide to the Proposed Critical Infrastructure Cybersecurity Legislation

Data classification and grading is an obligation that each data handler must comply with under the Chinese data protection laws. Data handlers have been waiting for clear requirements and standards on how to carry out the relevant work. The newly published national standard GB/T 43697-2024 Data Security Technology – Rules for Data Classification and Grading

Continue Reading CHINA: New national data classification and grading standard is released

In good news, on 22 March 2024, the Cyberspace Administration of China (“CAC”) finalised long-awaited guidelines setting out exemptions to some of the more challenging cross-border data transfer (“CBDT”) compliance requirements (“Guidelines”). As well the exemptions, there are updated filing templates for those still falling outside the exemptions; and

Continue Reading CHINA: Cross Border Data Transfer Requirements – exemptions now available

Author: Carolyn Bigg, Amanda Ge, Venus Cheung, Gwyneth To

With 2023 having come to an end, the fast-paced changes to the China data protection regime throughout the year are continuing well into Q1 2024.

As well as a near finalisation of the different routes to legitimise cross-border data transfers, the Cyberspace

Continue Reading CHINA: data protection regulations – a lookback at 2023 developments