AN ALTERNATIVE MECHANISM FOR CROSS-BORDER DATA TRANSFER IN CHINA – CERTIFICATION

A company in China has the option of relying on (i) the standard contract (see our article) or (ii) certification to transfer personal information outside of China, if it is not subject to the mandatory Cyberspace Administration of China (CAC) security assessment. Certification is, therefore, an alternative data transfer mechanism to the standard contract under … Read more

AUSTRALIAN PRIVACY ACT REVIEW REPORT RELEASED

The report is long-awaited, and the reforms it canvasses are increasingly critical to the way businesses run and operate in a digital economy. We have seen evidence of this in Australia with large scale cyber-attacks affecting personal information held by businesses and government. The Report puts forward 116 proposals for reforming the Privacy Act. A … Read more

HAPPY INTERNATIONAL DATA PRIVACY DAY: OUR PREDICTIONS FOR 2023

Happy International Data Privacy Day for Saturday! And what better reason than that to explore what 2023 is likely to have in store for data and privacy? We are just over one year on from the UK government hinting that it might think outside the box in terms of data protection regulation. Two years on … Read more

Transfer Impact Assessments – divergence between EDPB and ICO approaches

Now that the deadlines have passed for implementing: EU Standard Contractual Clauses (“EU SCCs”) into all new and existing contractual arrangements involving restricted transfers of data under the EU GDPR; and the UK equivalent to the EU SCCs (the UK specific International Data Transfer Agreement (“IDTA“) or the EU SCCs in combination with the UK … Read more

PDPA Update – Thailand’s New Legislation on Personal Data Breach Notification

On 15 December 2022, the Notification of the Personal Data Protection Committee (the “PDPC“) Re: Criteria and Means on Personal Data Breach Notification (the “PDPC Notification“) was published on the Thailand’s royal gazette and takes effect on the same day. This sets out more elaborated requirements on one of the key data controller’s obligations – … Read more

Key changes in data privacy and cyber security laws across Southeast Asia in 2022

2022 is a milestone year for data privacy and cyber security laws developments across Southeast Asia.  We set out the key changes as follows: The new Personal Data Protection Law in Indonesia became effective on 17 October 2022. Multiple data protection guidelines have been issued to supplement the Personal Data Protection Act in Thailand, which … Read more