In the past 12 months, several key jurisdictions, including Australia, the PRC, India, Indonesia, Japan, Thailand, and Vietnam have either introduced their jurisdiction’s first-ever comprehensive data protection laws or are updating and reforming their existing privacy laws. 

Governments and regulators are also turning their focus on cross-border transfer of personal data creating an additional compliance burden for international organisations operating in the region. 

Compared to traditional regimes in the regime, sanctions for breach can be significant (including potential personal liability for responsible officers). This means that data privacy issues will potentially become a board level issue for many organisations in Asia - which may need to invest significant time and capital in their compliance with such laws to meet stakeholder expectations. 

Keeping abreast of these developments is therefore key. We are working closely with many of our clients to help them navigate the evolving regulatory landscape.

We explore the key themes across the APAC region and consider their impact in our latest DigiLinks post: Asia privacy developments – What multinationals need to know? (