Support Centre

Asia-Pacific

Insights

In this Insight article, HoSang Yoon and Hyein Lee, from Shin & Kim LLC, delve into the release of the Guidelines on Applying the Personal Information Protection Act to Foreign Business Operators (the Guidelines), designed to assist foreign businesses in complying with the Personal Information Protection Act (PIPA). Released by the Personal Information Protection Commission (PIPC) on April 4, 2024, the Guidelines provide a comprehensive framework to help foreign businesses meet PIPA requirements and emphasize the importance of adopting robust measures to safeguard the personal data of South Korean users.

In this Insight article, Hyeon Song Lee, Principal at Pine Law Office, explores how the Personal Information Protection Act (PIPA) in South Korea grants personal data rights and sets obligations for data processors. Additionally, he delves into the complex landscape of data retention regulations that extend beyond PIPA, highlighting the necessity for businesses to navigate various individual laws to ensure compliance and avoid potential penalties.

The National Privacy Commission (NPC) issued NPC Circular No. 2024-01 (the Circular) on January 26, 2024, entitled Amendments to Certain Provisions of the 2021 Rules of Procedure of the National Privacy Commission (the 2021 NPC Rules of Procedure).

Edsel F. Tupaz, Senior Partner at Gorriceta Africa Cauton & Saavedra and Lead of the firm's Data Privacy, Cybersecurity, and AI Initiatives practice group, discusses the salient amendments under the Circular and their practical implications for Personal Information Controllers (PICs). In particular, Edsel breaks down and describes the practical import of the amended provisions found in the new procedure of the National Privacy Commission for compliance checks, alternative dispute resolutions (ADR), and decisions.

The Australian Government released the 2023-2030 Australian Cyber Security Strategy: Legislative Reforms Consultation Paper (the Consultation Paper) in December 2023. The Consultation Paper follows the Australian Government's 2023-2030 Australian Cyber Security Strategy (the Strategy). The Strategy aims to build 'cyber shields' to strengthen Australia's cyber defenses and build resilience against cyber-attacks. Katherine Sainty, Kaelah Dowman, and Sarah Macken, from Sainty Law, explore the current ransomware environment in Australia and the Government's proposed ransomware reporting obligations.

In this Insight article, Prashanth Shivadass, Partner at Shivadass & Shivadass, delves into India's evolving digital landscape, marked by a surge in data usage and technological advancements. Examining the journey from the Information Technology Act, 2011 (the IT Act) to the Digital Personal Data Protection Act, 2023 (DPDPA), and the emergence of the Digital Competition Bill (DCB), the article navigates the intricate intersection of data protection, competition law, and the challenges posed by big tech entities in shaping India's digital future.

In this article, Arun Babu and Gayathri Poti, from Kochhar & Co., delineate the primary disparities between the Digital Personal Data Protection Act (DPDPA) and the General Data Protection Regulation (GDPR) from a business perspective, analyzing the rationale behind these distinctions and their practical implications.

Part one of this series on India's Digital Personal Data Protection Act, 2023 (the Act) looked into the Act's scope and application, and part two delved into consent and legitimate uses. Part three discussed the provisions applicable to the transfer of digital personal data under the Act in India.

In part four of this series, Rachit Bahl, Rohan Bagai, and Navdeep Baidwan, from AZB & Partners, delve into the rights and duties of data subjects under the Act, emphasizing the pivotal role individuals play in safeguarding their personal data in the digital era.

In this Insight article, Ada Chung Lai-Ling, Privacy Commissioner for Personal Data, Hong Kong, explores the Standard Contract for Cross-boundary Flow of Personal Information Within the Guangdong–Hong Kong–Macao Greater Bay Area (Mainland, Hong Kong) (the GBA SC), including its scope and adoption.

In an increasingly digitized world, safeguarding against cyber attacks has become pivotal for modern businesses. The alarming rate at which cyber attacks are evolving creates significant challenges for Australian businesses in maintaining data security and integrity. Data management is an important tool for businesses to mitigate cyberattacks and maintain strong security measures. Data management strategies, such as data minimization, data de-identification, and data governance frameworks help fortify a business's defenses against cybercriminals and limit risks associated with the collection, use, and storage of data assets. Katherine Sainty and Sarah Macken, from Sainty Law, look specifically at data governance, data minimization, and data de-identification, and how businesses can best utilize these to safeguard data.

Nasir Doulah, Partner at Doulah & Doulah, explores the main cybersecurity regulations in Bangladesh, focusing on the ICT Act and the Cybersecurity Act. 

The Cyberspace Administration of China (CAC) published the Regulations on Promoting and Regulating Cross-border Data Flows (only available in Chinese here) (the Regulations) on March 22, 2024, following their initial request for public comment in October 2023. The Regulations aim to clarify data transfer obligations under the Cyber Security Law (CSL), Data Security Law (DSL), and the Personal Information Protection Law (PIPL) including the data export security assessment, personal information export standard contract, and personal information protection certification. OneTrust DataGuidance provides an analysis of the Regulations with comments provided by Dr. Michael Tan, Partner at Taylor Wessing.

The National Privacy Commission (NPC) issued the NPC Circular No. 2023-07 (the Circular) on December 13, 2023. This Circular is entitled Guidelines on Legitimate Interest and seeks to clarify the framework within which a personal information controller (PIC) may establish legitimate interest as a basis for processing personal data. The Circular is not meant to introduce any new basis for processing personal information, rather, it seeks to clarify concepts and requirements of legitimate interest, which is a lawful basis for processing personal information under Philippine privacy laws. Edsel F. Tupaz, from Gorriceta Africa Cauton & Saavedra, walks through these guidelines and their implications for PICs.  

The Circular should be read alongside part one and part two of the series on the NPC Guidelines on Consent, which comprise important tool kits for PICs and personal information processors that process the personal data of Philippine data subjects.