The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such Self-supervision Audits, in case the data regulator finds significant risks involved in a data controller’s processing or where data incidents occur, the
Continue Reading CHINA: Mandatory data protection compliance (self) audits on their wayPersonal Data
China: Important new guidance on defining sensitive personal information
While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map their processing of China sensitive personal information, which is increasingly important in light of new cross-border data transfer…
Continue Reading China: Important new guidance on defining sensitive personal informationVIETNAM: First Personal Data Protection Decree passed – What you need to know
Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To.
Vietnam’s long-awaited, first-ever Personal Data Protection Decree (“PDPD”) has finally been passed and is scheduled to take effect from 1 July 2023 (save limited grace period exceptions).
The PDPD is the first comprehensive data protection regulation consolidating Vietnam’s existing data…
Continue Reading VIETNAM: First Personal Data Protection Decree passed – What you need to know
Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data
Authors: Verena Grentzenberg, Andreas Rüdiger, Ludwig Lauer
In his Opinion of 27.04.2023 (C 340/21), the Advocate General of the European Court of Justice (“ECJ”) commented on the interpretation of the civil non-material right to damages pursuant to Article 82 (1) GDPR as well as on the requirements and the duty of…
Continue Reading Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data
UK: New Data Protection and Digital Information Bill
Authors: Alexa Smith, James Clark, Robyn Palmer, Jamie Sanderson
The UK Government has published its long-awaited ‘Data Protection and Digital Information Bill’. The Bill will reform areas of UK data protection and electronic privacy law, and will also introduce new regulatory frameworks, most notably in the field of digital identity…
Continue Reading UK: New Data Protection and Digital Information Bill