2017 was a momentous year for data protection and cyber security regulation globally, and it is noteworthy how significant the developments in the Asia-Pacific (APAC) region were over the course of the year.
Much of the focus internationally was on preparations for the May, 2018 implementation of the European Union’s General Data Protection Regulation (GDPR). However, the APAC region was noteworthy in particular for China’s introduction of its Cyber Security Law, for a noticeable region-wide trend towards tighter, more strictly enforced regulation and for concrete efforts towards greater inter-operability of national data protection regimes.
2017 also saw India chart a course for the introduction of a comprehensive data protection law and China introduce a GDPR-inspired non-binding national standard – clear indications that a broad consensus on the approach to data protection regulation has emerged in the region, even if points of specific detail continue to have critical points of difference.
The development of cyber security regulation continues to be more patchy. China’s Cyber Security Law was of course the main development regionally on this front in 2017. But with Singapore introducing a Cyber Security Law and other jurisdictions across the region working towards the same result, we also see concerted efforts by lawmakers region-wide to address this increasingly important area.
Meanwhile, the Asia-Pacific Economic Cooperation (APEC) Privacy Framework has provided some rough sign-posts for a common approach to principles based data protection regulation in the region. But while the common themes of the APEC framework are well-evident in national data protection laws across the region, it is clear that a strict harmonization of laws is unlikely.
Our Asia Pacific Data Protection and Cybersecurity Guide 2018: Shifting landscapes across the Asia-Pacific region provides an overview of regional developments in 2017 and what to look out for in 2018. It features a “heat map” comparing the regulatory environments in Asia’s key jurisdictions, individual country spotlights, and a guide with considerations for businesses setting up compliance programs.
For Hogan Lovells’ Asia Pacific Data Protection and Cybersecurity Guide 2018: Shifting landscapes across the Asia-Pacific region, click here.