China Cybersecurity and Data Protection: Monthly Update – May 2021 Issue

This e-bulletin summarises the latest developments in cybersecurity and data protection in China with a focus on the regulatory, enforcement, industry and international developments in this area. Our highlights In late April, we saw the second reading of the proposed Personal Information Protection Law (PIPL) and Data Security Law (DSL) by the Standing Committee of … Read more

China – Cyber security and data protection April round up

The financial regulators have continued to increase their efforts to develop and protect financial data. The People’s Bank of China released new standards on enhancing the data capability of financial institutions. Further, several banks were penalized for violating data protection rules in relation to processing of personal information. MIIT has maintained its focus on its … Read more

ENSURING COMPLIANCE WITH ELECTRONIC MARKETING RULES: A CLOSER LOOK AT SOFT OPT-IN CONSENT

The ICO’s recent decision to take enforcement action against a number of organisations (both in the form of investigations and regulatory fines) for sending unsolicited email and text based electronic marketing communications to individuals should serve to prompt organisations to take stock of the ways in which they promote their products and services using electronic … Read more

HOW TO CALCULATE A GDPR FINE – THE PROPOSED ICO WAY

The Information Commissioner’s Office in the UK (the “ICO”) has published for consultation its draft statutory guidance setting out how it will regulate and enforce data protection legislation in the UK. The document explains all of the ICO’s key powers (including information notices, assessment notices, enforcement notices and penalty notices). Perhaps most interestingly for organisations, … Read more

High GDPR fine issued but not for a data security breach

The Hamburg data protection regulator in Germany has issued a fine of €35.3 million against retail firm H&M for breaches of the GDPR relating to the excessive and unlawful collection of employee data. Interestingly, although the fine is the highest yet levied by a German regulator, it did not relate to a data security breach, … Read more

COVID-19: ICO publishes details of its regulatory approach during COVID-19 (UK)

The ICO has published details of its regulatory approach during the ongoing COVID-19 emergency; this is an approach which should reassure entities who are adapting to the economic and practical realities of operating in the current climate, as well as balancing their data protection obligations.  The UK regulator has continued to be reasonable and pragmatic, … Read more

COVID-19: SFC extends deadline for data storage compliance (Hong Kong)

The Hong Kong Securities and Futures Commission (SFC) has extended its deadline for licensed corporations to confirm compliance with its new data storage regulations, due to the COVID-19 outbreak. On 31 March 2020, the SFC granted a six-month extension to the implementation deadline for aspects of its 31 October 2019 circular on the use of external electronic data storage … Read more