On 8 July 2025, the DIFC Data Protection Law No. 5 of 2020 (DIFC Data Protection Law) was amended to introduce several substantive changes, including the landmark creation of a private right of action for data subjects, clarifications to the extraterritorial scope, and increased financial penalties for non-compliance.
The changes broadly reflect those
Continue Reading Dubai International Financial Centre: Updates to the DIFC Protection Laws
The potential criminalization of activities associated with ransomware cyber attacks, including ransom payments by victims, has long been an unresolved issue. This concern has now led Italy to introduce a ground breaking legislative proposal aimed at enhancing cybersecurity and mitigating threats posed by digital extortionists.
Recognizing ransomware cyberattacks not merely as economic disturbances but as
Continue Reading Italy: Ransomware and Crime – A Proposal to Tackle Cyber Extortion in Italy
On 11 June 2025, the UK’s Data (Use and Access) Act 2025 (“DUA Act“) was passed and received Royal Assent on 19th June 2025.
The government first announced plans for the new DUA Act in the King’s speech back in July 2024. The DUA Act introduces reforms to data protection and e-privacy laws
Continue Reading UK: Data (Use and Access) Bill passes through Parliament
On 20 March 2025, the Nigeria Data Protection Commission (Commission), issued the General Application and Implementation Directive (GAID). The GAID serves as a regulatory framework for implementing the Nigeria Data Protection Act (NDPA) 2023. It provides practical guidance for organisations handling personal data and aims to ensure uniform compliance
Continue Reading Nigeria: NDPC Issues GAID – Key Compliance Insights
Since its announcement during the King’s Speech on 17 July 2024, there has been much anticipation over the contents of the Cyber Security and Resilience Bill (“CS&R Bill“) and in particular the extent to which it will bring the UK into alignment with its European counterpart, the NIS2 directive. Currently, cyber regulation in
Continue Reading UK: Will UK cyber reforms keep step with NIS2?
On April, 8 2025, the Department of Justice’s final rule, implementing the Biden-era Executive Order 14117 restricting the transfer of Americans’ Sensitive Personal Data and United States Government-Related Data to countries of concern (the “Final Rule“), came into force. The Final Rule imposes new requirements on US companies when transferring certain types
Continue Reading US: Department of Justice issues final rule restricting the transfer of Sensitive Personal Data and United States Government-Related Data to “countries of concern”
Following Malaysia’s introduction of data breach notification and data protection officer (“DPO”) appointment requirements in last year’s significant amendments to the Personal Data Protection Act (“PDPA”) (click here for our summary), the Personal Data Protection Commissioner of Malaysia (“Commissioner”) recently released guidelines that flesh out such requirements, titled the
Continue Reading Malaysia: Guidelines Issued on Data Breach Notification and Data Protection Officer Appointment
Chinese data regulators are intensifying their focus on the data protection compliance audit obligations under the Personal Information Protection Law (“PIPL“), with the release of the Administrative Measures for Personal Information Protection Compliance Audits (“Measures“), effective 1 May 2025.
The Measures outline the requirements and procedures for both self-initiated and regulator-requested
Continue Reading CHINA: Mandatory Data Protection Compliance Audits from 1 May 2025
On 3 January 2025, the Cyberspace Administration of China (“CAC“) released for public consultation the draft Measures for Certification of Personal Information Protection for Cross-Border Transfer of Personal Information (“Draft Measures“). This regulation represents the final piece in the CAC’s regulatory framework for the three routes to legitimize cross-border transfers of personal data
Continue Reading CHINA: Draft Regulation on Certification for Cross-Border Data Transfers Published
On 29 November 2024, the Australian Senate passed the Privacy and Other Legislation Amendment Bill 2024 (Cth) (the Privacy Act Bill). This follows the passage of the Cyber Security Act 2024 (Cth), and other cyber-security related amendments, on 25 November 2024.
The majority of the amendments to the Privacy Act 1988 (Cth) will
Continue Reading Australia: Privacy Act amendments and Cyber Security Act become law
