Preparing for the Future of Data Protection in Asia:What to Expect From 2023
This article will provide an overview of what has changed and what to expect in Asia in the future. We'll start with laws that go into effect in 2023 and work our way up to those that could be passed soon. Finally, we'll go over the laws that may need to be changed this year in order to be better prepared for 2024.
Secure Privacy Team
·5 min read
Share:
Some Asian countries have had difficulty enacting and enforcing comprehensive data protection legislation. After a few delays due to COVID-19, the Thailand PDPA, for example, went into effect in 2022.
In 2022, Japan, China, Singapore, and the UAE updated their data protection laws.
Nonetheless, some major economies, such as India and Indonesia, lack comprehensive legislation.
In some countries, this has changed. It is about to change in other countries.
RELATED CONTENT
Continue Reading
Explore more privacy compliance insights and best practices
This article will provide an overview of what has changed and what to expect in Asia in the future. We'll start with laws that go into effect in 2023 and work our way up to those that could be passed soon. Finally, we'll go over the laws that may need to be changed this year in order to be better prepared for 2024, including
It is a comprehensive law that imposes stringent requirements on Saudi and foreign businesses that sell or provide services to Saudi citizens.
Unlike most other data protection laws, Saudi law requires businesses to register with the government as data controllers and pay a registration fee. Furthermore, they must register their processing activities.
Other obligations include:
Obtaining explicit consent for personal data processing
Obtaining approval from authorities for international data transfers of Saudi residents
Conduct impact assessments to assess the privacy risks to individuals
Respond to data subject requests to exercise rights
Notify authorities of all data breaches
Violations may result in a monetary fine of up to one million Saudi riyals ($250,000) and up to one year in prison.
Data Protection Laws That May Be Enacted in 2023
India and Malaysia are on the verge of enacting new privacy laws or revising existing ones.
The current draft is still under consideration by the legislative bodies. It has been criticized, but it has also received a lot of positive feedback.
Businesses will be required to obtain explicit consent, similar to the GDPR standard in Europe. Businesses will be allowed to consider the consent given by customers in some cases.
It also provides access, deletion, correction, portability, and other privacy rights.
The law's effective date is still unknown. If it is passed in 2023, it is unlikely to go into effect before 2024, because privacy laws typically provide a grace period for companies to adjust.
Malaysia's Personal Data Protection Act of 2010 is still in effect, but it may be updated soon. Data subjects already have legal rights to data protection. In many cases, consent is also required for data processing.
Among the proposed changes are the following:
Appointment of Data Protection Officers in some cases
Obligatory reporting of data breaches to authorities and data subjects
Introducing the right to portability of personal data
Requirement for data processors to comply with the data security standards prescribed for data controllers
Prescribes a blacklist of countries to which cross-border data transfers are prohibited (unlike the EU, which prescribes a whitelist of countries with adequacy decisions).
The changes bring Malaysian law up to date, but the requirements for consent and other processing are not as stringent as in Thailand's, Indonesia's, Japan's APPI, and possibly India's new laws.
Data Protection Laws Coming into Effect in 2024
Some data protection laws will go into effect in 2024, but you should start planning for them now. (Read about Japan's APPI)
Indonesia
For a long time, the Indonesian government, like India, has been attempting to pass a comprehensive data protection law.
You'll have time to adjust your privacy practices to the new requirements by 2023. It goes into effect in 2024. Penalties for noncompliance could range from 4 to 6 billion Indonesian rupiahs, or $250,000 to $390,000. Some offenses may result in a 4-6 year prison sentence.
The following are the most important requirements:
Provide users with a privacy notice
Obtain explicit and specific consent for data processing
Notify data subjects and authorities about any data breaches
Honor data subject requests
Comply with the cross-border data transfer standards
Do data protection impact assessments in some cases
Appoint a DPO where required
The Indonesia PDPL is similar to the EU's GDPR, but also to Thailand's PDPA, which was also modeled after EU law that sets global standards.
Sign up to our newsletter
and get the latest news on data privacy
