New laws

Subscribe to New laws via RSS

It’s the turn of South-East Asian countries to update their data protection laws. Here is our summary of the proposed new data protection laws in Vietnam, Malaysia and Indonesia. Organisations are advised to update their data protection compliance programmes as soon as possible to reflect these developments.

Vietnam

Vietnam issued its first draft of a

Continue Reading VIETNAM, MALAYSIA AND INDONESIA: what you need to know about the new SE Asia data protection laws

It has been a busy month for cyber and privacy regulation in Australia. On the heels of the proposed amendments to the Privacy Act 1988 released just under a month ago (see our summary here), three further draft Bills relating to cyber security were released this week.

The key takeaways from the new Bills

Continue Reading Australia’s Cyber Security Strategy in action – three new draft laws published

In the much anticipated first King’s Speech of the new Labour Government on 17 July 2024, the monarch announced that the long anticipated Cybersecurity and Resilience Bill (CS&R Bill) would be amongst those new laws making their way onto Parliament’s schedule for the next year. Six years on from the implementation of the 

Continue Reading UK: The UK Cybersecurity and Resilience Bill – a different approach to NIS2 or a British sister act?

We previously wrote about proposed changes to the definition of sensitive personal information under a June 2024 draft of the Guide for Sensitive Personal Information Identification (“Guide“). The Guide has now (September 2024) been finalized and issued by the National Information Security Standardization Technical Committee (TC260). Helpfully, it gives organisations greater scope to

Continue Reading China: New definition and guidelines on Sensitive Personal Information now finalised

Hong Kong is following other jurisdictions, including Mainland China, Singapore and the UK, in proposing to enhance cybersecurity obligations on IT systems of those operating critical infrastructure (“CI“). While the proposed new law, tentatively entitled the Protection of Critical Infrastructure (Computer System) Bill (the“proposed legislation”), is still at an early stage

Continue Reading Hong Kong: A Practical Guide to the Proposed Critical Infrastructure Cybersecurity Legislation

Disclaimer: This article first appeared in the June 2024 issue of PLC Magazine, and is available at http://uk.practicallaw.com/resources/uk-publications/plc-magazine.

In order to capture the benefits of data-driven innovation, the EU and the UK are taking action to facilitate data sharing across various industries.

In the EU, the European Commission is investing €2

Continue Reading EU/UK: Data-Sharing Frameworks – A State of Play in the EU and the UK

In the UK, there is currently heightened regulatory scrutiny and increased public interest in children’s data protection and online harm, with a raft of new guidance and regulation from both the ICO and Ofcom, the chief regulator of the Online Safety Act, in relation to children’s safety online. 

Since the introduction of the ICO’s Children’s

Continue Reading UK: ICO and Ofcom approach to regulation of online services

Data classification and grading is an obligation that each data handler must comply with under the Chinese data protection laws. Data handlers have been waiting for clear requirements and standards on how to carry out the relevant work. The newly published national standard GB/T 43697-2024 Data Security Technology – Rules for Data Classification and Grading

Continue Reading CHINA: New national data classification and grading standard is released

On March 6, 2024, the New Hampshire Governor signed into law Senate Bill 255 (the “NH Act”), making New Hampshire the 15th state to adopt a comprehensive state privacy law. The NH Act will take effect January 1, 2025. This post explores how the NH Act stacks up against the other comprehensive state privacy

Continue Reading US: New Hampshire Enacts 15th Comprehensive State Privacy Law