Following the passing of the long-awaited Personal Data Protection Law (“PDPL”) in Indonesia, on 31 August 2023, the Ministry of Communications and Information Technology published the draft government regulation (“Draft Regulation”) on the implementation of the PDPL for public consultation. The public consultation will close on 14 September 2023. The DraftContinue Reading Indonesia: prepare now for the new Personal Data Protection Law
Helpful guidance on some previously uncertain areas of China data protection compliance programmes have been provided by the Administrative Measures for Personal Information Protection Compliance Audit (Draft for Comment) (“Draft Measures”), which were published for public consultation on 3 August 2023 by the Cyberspace Administration of China (“CAC”).
The Draft Measures…Continue Reading CHINA: uncertainties helpfully clarified on various key data compliance activities
Authors: Carolyn Bigg and Amanda Ge
Businesses who must follow the China SCCs route to legitimize their cross-border transfers of personal data must file their signed China SCCs together with the supporting personal information impact assessment (“PIIA”) report with their local CAC branch by no later than 30 November 2023. This requires significant effort, and…Continue Reading CHINA: only 100 days to file SCCs for cross-border data transfers – practical tips and insights
Authors: Carolyn Bigg, Amanda Ge and Venus Cheung
On July 24, 2023, the People’s Bank of China (“PBOC”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“Draft Measures”) for public consultation, which closes on August 24, 2023.
The Draft…Continue Reading CHINA: New draft proposes more stringent requirements for processing data in the financial services industry
Vietnam’s long-awaited, first-ever Personal Data Protection Decree (“PDPD”) has finally been passed and is scheduled to take effect from 1 July 2023 (save limited grace period exceptions).
The PDPD is the first comprehensive data protection regulation consolidating Vietnam’s existing data…
On 14 February 2023, the European Data Protection Board (“EDPB”) published the updated and final version of its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (EDPB Guidelines 05/2021).
Continue Reading EU: Final version of the EDPB-Guidelines 05/2021 on the Interplay between the application of Art. 3 and the provisions on international transfers as per Chapter V of the GDPR
Summary: The final version of the China SCCs has now been published, meaning those organisations that haven’t had to apply for CAC approval for their cross-border transfers of personal information now have until 1 December 2023 to:
- sign the China SCCs with
Author: Carolyn Bigg
Are we seeing a return of proactive enforcement of Hong Kong’s data protection laws, after a lull in recent years?
On 14 November 2022, the Office of the Privacy Commissioner for Personal Data (“PCPD”) published two investigation reports for non-compliance of the Personal Data (Privacy) Ordinance (“PDPO”):
- EC Healthcare’s failure to obtain
Indonesia’s long-awaited Personal Data Protection Law (“PDPL”) finally came into force on 17 October 2022, helpfully consolidating and clarifying the personal data protection framework in Indonesia.
Whilst there is a two-year transition period, businesses with Indonesian operations or which process the personal data of Indonesian citizens should now make…
Continue Reading INDONESIA: Personal Data Protection Law PDPL Now in Force
We have all been waiting for a confirmed approach on legitimising overseas transfers. Finally, we have a clear answer on what organisations need to do to transfer or access for personal data and “important data” outside of Mainland China; and the message is…
Continue Reading CHINA: Cross-border data transfers – what are your options?