Sanno Park Tower 12F (Reception) and 14F,
11-1, Nagatacho 2-chome, Chiyoda-ku,
Tokyo 100-6114, Japan

Tokyo Metro Ginza Line: G06 Tameike-sanno Station, Exit 7 (directly accessible through the second basement)

Tokyo Metro Nanboku Line: N06 Tameike-sanno Station, Exit 7 (directly accessible through the second basement)

Tokyo Metro Chiyoda Line: C07 Kokkai-gijido-mae Station, Exit 5 (3 minutes’ walk)

Tokyo Metro Marunouchi Line: M14 Kokkai-gijido-mae Station, Exit 5 (10 minutes’ walk through Chiyoda Line platform)

News

2022.08.02

Hiroyasu Kageshima delivered a lecture on international transfers of personal data in compliance with laws of various countries.

Host: Business Research Institute
Date: Tuesday, August 02, 2022, 13:00-17:00
Venue: Seminar room at Business Research Institute/Online

International Transfers of Personal data in Compliance with China’s Personal Information Protection Law, GDPR and Laws of Various Countries – Based on latest trends in personal information protection legislation in the EU, the U.S., Japan, China and various Asian countries –

~ New SCC, China’s Personal Information Protection Law, Etc. ~

Under the EU’s General Data Protection Regulation (GDPR), there have been a number of cases of monetary penalties, and the measures to comply with GDPR need to be updated in various respects. Also, as new SCCs (Standard Contract Clauses) have been adopted, all contracts using the old SCCs have to be replaced by December 2022. In order to share or transfer personal information internationally, it is extremely important to comply with Article 24 of Japan’s Personal Information Protection Act, and in addition, it has become necessary to comply with the 2020 Amendment by the end of March 2022. Furthermore, China finally enacted its Personal Information Protection Law, and we need to address it by the end of October 2021.

In this Seminar, the lecturer explains points to note for a company’s head office in Japan to share personal data with its business partners and subsidiaries in foreign countries, based on the relevant Japanese legislation as well as GDPR (EU), CCPA (California), China’s Personal Information Protection Law and Cybersecurity Law, and the relevant legal systems of Thailand and other Asian countries.

Contents

I. Points to note in laws and regulations of various countries

1. EU’s GDPR

(1) In what cases does GDPR apply?

(2) Key points for complying with GDPR

  - Points to note regarding acquisition of consent from a principal and obligation to provide information

  - Basis for processing information (Why can’t we process employees’ information based on their consent?)

  - Handling of cookies

(3) Timing and method of conforming contracts to the new SCCs

(4) Practical measures based on recent cases of monetary penalties

2. Trends and important points regarding personal information protection legislation in the U.S.

(1) Enforcement by the FTC (Federal Trade Commission)

(2) Measures to comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA)

3. Japan’s Personal Information Protection Act and global handling

(1) Is it possible to “share” information with foreign-based subsidiaries?

(2) Operation of overseas transfers under the 2020 Amendment

4. China’s Personal Information Protection Law (new law)

(1) Points of the Cybersecurity Law

(2) Practice of cross-border transfers under the Personal Information Protection Law

5. Trends in personal information protection legislation in Asian countries and points to note

(1) Thailand’s Personal Data Protection Act

(2) Taiwan, Singapore, Malaysia, Hong Kong, Philippines

(3) Indonesia, Vietnam

II. Practice of establishment of rules/contracts/systems for sharing and exchanging information internationally

(1) Case study: sharing and exchanging personal data with business partners and subsidiaries in foreign countries

(2) Things to do as a company project

(3) Points for formulating the global privacy policy

(4) Points for drafting the data transfer agreement (5) Rules for establishment of data governance systems among group companies