Hiroyasu Kageshima delivered a lecture on how to address the personal data handling regulations of various countries.

Sanno Park Tower 12F (Reception) and 14F,
11-1, Nagatacho 2-chome, Chiyoda-ku,
Tokyo 100-6114, Japan

Tokyo Metro Ginza Line: G06 Tameike-sanno Station, Exit 7 (directly accessible through the second basement)

Tokyo Metro Nanboku Line: N06 Tameike-sanno Station, Exit 7 (directly accessible through the second basement)

Tokyo Metro Chiyoda Line: C07 Kokkai-gijido-mae Station, Exit 5 (3 minutes’ walk)

Tokyo Metro Marunouchi Line: M14 Kokkai-gijido-mae Station, Exit 5 (10 minutes’ walk through Chiyoda Line platform)

How to Address the Personal Data Handling Regulations of Various Countries

~ New SCC, China’s Personal Information Protection Law, Etc. ~

Outline of the Seminar

Under the EU’s General Data Protection Regulation (GDPR), there have been a number of cases of monetary penalties, and the measures to comply with GDPR need to be updated in various respects. Also, as new SCCs (Standard Contract Clauses) have been adopted, all contracts using the old SCCs have to be replaced by December 2022. In order to share or transfer personal information internationally, it is extremely important to comply with Article 24 of Japan’s Personal Information Protection Act, and in addition, it has become necessary to comply with the 2020 Amendment by the end of March 2022. Furthermore, China finally enacted its Personal Information Protection Law, and we need to address it by the end of October 2021.

In this Seminar, the lecturer explains points to note for a company’s head office in Japan to share personal data with its business partners and subsidiaries in foreign countries, based on the relevant Japanese legislation as well as GDPR (EU), CCPA (California), China’s Personal Information Protection Law and Cybersecurity Law, and the relevant legal systems of Thailand and other Asian countries.

Contents

1. EU’s GDPR
(1) In what cases does GDPR apply?
(2) Key points for complying with GDPR
– Points to note regarding acquisition of consent from a principal and obligation to provide information
– Basis for processing information (Why can’t we process employees’ information based on their consent?)
– Handling of cookies
(3) Timing and method of conforming contracts to the new SCCs
(4) Practical measures based on recent cases of monetary penalties

2. Trends and important points regarding personal information protection legislation in the U.S.
(1) Enforcement by the FTC (Federal Trade Commission)
(2) Measures to comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA)
– In what cases does CCPA apply?
– Points to note in addressing CCPA
– Changes made to CCPA by CPRA

3. Japan’s Personal Information Protection Act and global handling
(1) Cases where Japanese laws apply to foreign corporations in foreign countries
(2) Restrictions on the provision of personal data to a third party in a foreign country
(3) Is it possible to “share” information with foreign-based subsidiaries?
(4) Operation of overseas transfers under the 2020 Amendment

4. China’s Personal Information Protection Law (new law)
(1) Points of the Cybersecurity Law
(2) Measures to comply with the new “Personal Information Protection Law”
(3) Conditions for transferring information to Japan

5. Trends in personal information protection legislation in Asian countries and points to note
(1) Thailand’s Personal Data Protection Act
(2) Korea
(3) Taiwan, Singapore, Malaysia, Hong Kong, Philippines
(4) Indonesia, Vietnam 6. Measures for sharing and communicating personal data with business partners and subsidiaries in foreign countries; case studies and Q&A