ASIAN INSTITUTIONS MUST START TO TACKLE EU DATA PROTECTION RULES INTRODUCED BY GDPR
The European General Data Protection Regulation (GDPR) aims to protect individuals located in the EU by introducing new binding obligations for data controllers and data processors. This means any company holding personal data of individuals who are located in the EU, regardless of its operating location, needs to comply with GDPR. As a consequence, many institutions in Asia will fall within scope. With less than six months to the enforcement date, companies are still unclear around how and when the European Commission will look at extra-territorial enforcement and how it will cooperate with local regulators to enforce GDPR outside of its borders
To better understand the associated impact on Asian businesses, Sia Partners has conducted a thorough gap analysis study in Hong Kong and Singapore, where local companies have started to grasp the importance of GDPR following some announcements by their Privacy commissioners - respectively Stephen Wong and Tan Kiat How - to propose amendments of the privacy law and to uplift the standards.
To find out the key difference between GDPR, PDPO (Hong Kong Data Privacy Ordinance) and PDPA (Singapore Data Privacy Act), please click here