While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map their processing of China sensitive personal information, which is increasingly important in light of new cross-border data transfer
Continue Reading China: Important new guidance on defining sensitive personal informationData transfers
Indonesia: prepare now for the new Personal Data Protection Law
Following the passing of the long-awaited Personal Data Protection Law (“PDPL”) in Indonesia, on 31 August 2023, the Ministry of Communications and Information Technology published the draft government regulation (“Draft Regulation”) on the implementation of the PDPL for public consultation. The public consultation will close on 14 September 2023. The Draft…
Continue Reading Indonesia: prepare now for the new Personal Data Protection LawCHINA: uncertainties helpfully clarified on various key data compliance activities
Helpful guidance on some previously uncertain areas of China data protection compliance programmes have been provided by the Administrative Measures for Personal Information Protection Compliance Audit (Draft for Comment) (“Draft Measures”), which were published for public consultation on 3 August 2023 by the Cyberspace Administration of China (“CAC”).
The Draft Measures…
Continue Reading CHINA: uncertainties helpfully clarified on various key data compliance activitiesCHINA: only 100 days to file SCCs for cross-border data transfers – practical tips and insights
Authors: Carolyn Bigg and Amanda Ge
Businesses who must follow the China SCCs route to legitimize their cross-border transfers of personal data must file their signed China SCCs together with the supporting personal information impact assessment (“PIIA”) report with their local CAC branch by no later than 30 November 2023. This requires significant effort, and…
Continue Reading CHINA: only 100 days to file SCCs for cross-border data transfers – practical tips and insightsCHINA: New draft proposes more stringent requirements for processing data in the financial services industry
Authors: Carolyn Bigg, Amanda Ge and Venus Cheung
On July 24, 2023, the People’s Bank of China (“PBOC”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“Draft Measures”) for public consultation, which closes on August 24, 2023.
The Draft…
Continue Reading CHINA: New draft proposes more stringent requirements for processing data in the financial services industryVIETNAM: First Personal Data Protection Decree passed – What you need to know
Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To.
Vietnam’s long-awaited, first-ever Personal Data Protection Decree (“PDPD”) has finally been passed and is scheduled to take effect from 1 July 2023 (save limited grace period exceptions).
The PDPD is the first comprehensive data protection regulation consolidating Vietnam’s existing data…
Continue Reading VIETNAM: First Personal Data Protection Decree passed – What you need to know
EU: Final version of the EDPB-Guidelines 05/2021 on the Interplay between the application of Art. 3 and the provisions on international transfers as per Chapter V of the GDPR
Authors: Andreas Rüdiger, Philipp Adelberg
On 14 February 2023, the European Data Protection Board (“EDPB”) published the updated and final version of its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (EDPB Guidelines 05/2021).
Continue Reading EU: Final version of the EDPB-Guidelines 05/2021 on the Interplay between the application of Art. 3 and the provisions on international transfers as per Chapter V of the GDPR
CHINA: Final China SCCs for CBDT published – What you need to know
Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To
Summary: The final version of the China SCCs has now been published, meaning those organisations that haven’t had to apply for CAC approval for their cross-border transfers of personal information now have until 1 December 2023 to:
- sign the China SCCs with
…
Continue Reading CHINA: Final China SCCs for CBDT published – What you need to know
HONG KONG: Increased Enforcement Action?
Author: Carolyn Bigg
Are we seeing a return of proactive enforcement of Hong Kong’s data protection laws, after a lull in recent years?
On 14 November 2022, the Office of the Privacy Commissioner for Personal Data (“PCPD”) published two investigation reports for non-compliance of the Personal Data (Privacy) Ordinance (“PDPO”):
- EC Healthcare’s failure to obtain
INDONESIA: Personal Data Protection Law PDPL Now in Force
Author: Carolyn Bigg, Yue Lin Lee
Indonesia’s long-awaited Personal Data Protection Law (“PDPL”) finally came into force on 17 October 2022, helpfully consolidating and clarifying the personal data protection framework in Indonesia.
Whilst there is a two-year transition period, businesses with Indonesian operations or which process the personal data of Indonesian citizens should now make…
Continue Reading INDONESIA: Personal Data Protection Law PDPL Now in Force