New laws

Subscribe to New laws

Dear subscriber, 

Thank you for subscribing and being a part of DLA Piper’s Data Protection, Privacy and Cybersecurity community. We appreciate your continued engagement with our insights and the evolving nature of the landscape.

Our goal for this blog is to help you navigate all aspects of data protection, privacy, and cybersecurity laws, while considering

Continue Reading We’re now seamlessly global. Here’s what to expect. 

Authors: Carolyn Bigg, Gwyneth To and Rachel De Souza

Start preparing now to comply with India’s new data protection law. While there are similarities with EU/UK GDPR – and sufficient harmonisation with data protection laws across APAC to continue a regional data compliance in Asia – the practicalities of implementation and compliance should not be

Continue Reading India: New Digital Personal Data Protection Act, Start Planning Now.

Helpful guidance on some previously uncertain areas of China data protection compliance programmes have been provided by the Administrative Measures for Personal Information Protection Compliance Audit (Draft for Comment) (“Draft Measures”), which were published for public consultation on 3 August 2023 by the Cyberspace Administration of China (“CAC”).

The Draft Measures

Continue Reading CHINA: uncertainties helpfully clarified on various key data compliance activities

To add to the compliance burden, new mandatory, periodic and detailed data protection compliance audits have now been proposed in China, with measures beyond the usual governance/compliance audit compliance steps expected under other data protection frameworks, and a duty to report the audit results to the China data authorities.

On 3 August 2023, the Cyberspace

Continue Reading CHINA: new mandatory data protection compliance audits proposed

Author: Sarah Birkett

Cyber Security Strategy discussion paper launched

This week saw the launch of a discussion paper for the Australian Government’s 2023-2030 Australian Cyber Security Strategy. The discussion paper refers to the lofty aim of making Australia the most cyber secure nation by 2030.

The discussion paper, which acknowledges that the Australian Government was
Continue Reading Australia: Cyber security round-up – new Cyber Security Strategy, data breach stats and more

Authors: Andreas Rüdiger, Philipp Adelberg

The debate on transatlantic data transfers, a possible adequacy decision for the US and the EU-US Data Privacy Framework (“DPF“) is gaining new momentum. On 14 February 2023, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs published its draft motion for a resolution regarding
Continue Reading EU – US adequacy decision: Update

Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To

Summary: The final version of the China SCCs has now been published, meaning those organisations that haven’t had to apply for CAC approval for their cross-border transfers of personal information now have until 1 December 2023 to:

  • sign the China SCCs with


Continue Reading CHINA: Final China SCCs for CBDT published – What you need to know

Authors: Sarah Birkett, Nicholas Boyle

The Australian Attorney-General has published the (long-awaited) results of the Privacy Act review.

The report recommends a number of changes to the Australian privacy framework, including various changes to Australia’s core privacy legislation, the Privacy Act 1988 (Cth).

The report does not represent official Government policy and there is
Continue Reading Australia Privacy Act review – a blueprint for change?

Author: Carolyn Bigg, Yue Lin Lee

Indonesia’s long-awaited Personal Data Protection Law (“PDPL”) finally came into force on 17 October 2022, helpfully consolidating and clarifying the personal data protection framework in Indonesia.

Whilst there is a two-year transition period, businesses with Indonesian operations or which process the personal data of Indonesian citizens should now make
Continue Reading INDONESIA: Personal Data Protection Law PDPL Now in Force

Authors: Alexa Smith, James Clark, Robyn Palmer, Jamie Sanderson

The UK Government has published its long-awaited ‘Data Protection and Digital Information Bill’. The Bill will reform areas of UK data protection and electronic privacy law, and will also introduce new regulatory frameworks, most notably in the field of digital identity
Continue Reading UK: New Data Protection and Digital Information Bill