Upcoming changes to data protection legislation in Asia

The data privacy landscape in Asia is varied, complex and evolving. We are already seeing the wheels of change in motion as the data privacy laws of several Asian jurisdictions are being updated to reflect more closely the European data protection regime. This article summarises some of those changes.

In Asia, the data privacy landscape is varied, complex and evolving. Many, but not all, jurisdictions have some form of data protection regime, comprising of data protection and/ or data security laws (or a combination of both).

To add to these differing approaches, many Asian jurisdictions are in the process of substantially updating their data protection regimes. For example, in 2019 Thailand introduced its Personal Data Protection Act which imposes data use restrictions, civil liability for misuse and sanctions. The Act was due to come into effect in May 2019, but full implementation has been postponed until May 2020.

The tables in the article below provide a brief overview of some of the key changes which companies can expect to see coming into force in Hong Kong, Singapore, Japan and Taiwan in the near future.

Since these upcoming changes are increasing the level of protection afforded to data subjects, organisations operating in Asia markets will need to assess the impact of the changes on their business and take steps to ensure compliance. In the same way that data protection regulation is stringent in the EU market, the Asia market is fast becoming an environment in which data is protected with greater care, and mandatory breach notification obligations. Failure to follow the updated requirements could result in substantial penalties and reputational damage.

To read the full article, click the link below.