PDPA Update – Thailand’s New Legislation on Personal Data Breach Notification

On 15 December 2022, the Notification of the Personal Data Protection Committee (the “PDPC“) Re: Criteria and Means on Personal Data Breach Notification (the “PDPC Notification“) was published on the Thailand’s royal gazette and takes effect on the same day. This sets out more elaborated requirements on one of the key data controller’s obligations – … Read more

Key changes in data privacy and cyber security laws across Southeast Asia in 2022

2022 is a milestone year for data privacy and cyber security laws developments across Southeast Asia.  We set out the key changes as follows: The new Personal Data Protection Law in Indonesia became effective on 17 October 2022. Multiple data protection guidelines have been issued to supplement the Personal Data Protection Act in Thailand, which … Read more

$50m Penalties, More Regulatory Powers and Expanded Global Reach – Part One of Australia’s Privacy Act Reforms

On Wednesday 26 October 2022, Australia’s Attorney-General Mark Dreyfus introduced the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (Cth) (Bill) into Federal Parliament. The Bill includes amendments to the Privacy Act 1988 (Cth) (Privacy Act), including: Maximum penalties of $50 million and more for serious or repeated interferences with privacy; Enhanced powers (including … Read more

President Biden’s Executive Order implements EU-US data privacy framework

President Biden recently issued an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the Privacy EO) outlining steps that the US Government is taking to implement the US commitments under the European Union-US Data Privacy Framework (the Privacy Framework) that the US and the European Commission (EC) announced in March 2022 to … Read more

New guidance on the CAC security assessment for cross-border data transfer

On 31 August 2022, the Cyberspace Administration of China (“CAC“) published the Guidelines on the Application of Security Assessment of Cross-border Transfer of Data (“Guidelines“) to clarify how organisations in China can apply to CAC for a security assessment for cross-order data transfer, a requirement stipulated under the Measures for Security Assessment of Cross-border Transfer … Read more


On 20 September 2022, Indonesia’s President and House of Representatives (DPR) approved the Personal Data Protection bill following six years of deliberation. However, while the PDP bill has been approved by both the President and DPR, it has not yet been signed by the President, who is required by law to ratify the PDP Law … Read more

Journey to global privacy harmonisation: Australia joins the Global Cross-Border Privacy Rules Forum certification system

On 17 August 2022, the Australian Government announced that Australia joined the Global Cross-Border Privacy Rules (Global CBPR) Forum.[1] The Forum, launched in April 2022, establishes a certification system to help companies in participating jurisdictions demonstrate compliance with internationally-recognised privacy standards, with the aim of fostering interoperability and international data flows.[2] Read more