Here is something great to welcome under the stars of GDPR

Let’s leave behind the negative thoughts on record-breaking fines imposed under the dreaded Regulation, GDPR and focus on some new institutions that can help us ease administrative burden on our daily business processes and ensure them to be legal at the same time.

European Commission adopts adequacy decision on Japan, creating the world's largest area of safe data flows

The long awaited adoption of the decision on Japan–EU adequacy is finally here. Companies having a parent company, or strategic partnerships in Japan, no longer have to worry about how to transfer personal data of their employees, customers or suppliers outside of the EEA countries (ie. outside of EU, Iceland, Lichtenstein and Norway) legally in order to maintain their daily operation safe under the new stringent data protection rules.

Here is why.

Pursuant to GDPR it is mandatory for the companies processing personal data to comply with the rules of the GDPR when transferring personal data outside of EEA. Any transfer of personal data to such a third country might take place only if the country ensures an adequate level of protection decided on by the decision of the European Commission, so called adequacy decision, or on using appropriate safeguards, such as drawing up lengthy business corporate rules (BCR), or modell clauses, or at least if derogations are provided for in certain specific situations allowed by law.

Where the European Commission decided that a certain non EEA country ensures an adequate level of protection of personal data, no further safeguards, or authorization is needed for personal data transfer. The Adequacy Decision serves as sufficient legal base for personal data transfer, until amended, replaced or repealed by a Commission Decision. The European Commission has so far recognized several countries only as providing adequate protection, such as USA, Israel, Switzerland or Canada for example. Adequacy talks were ongoing with Japan and South Korea, nevertheless, no effective Adequacy Decision had been adopted by the European Commission in their respect until the 25th of May, 2018.

As of today, the European Commission and Japan announced they have agreed to recognize each other's data protection systems as 'equivalent', which will allow data to flow safely between the EU and Japan, meaning no further appropriate safeguards will need to be used for the transfer of personal data between the two countries. As outlined in the statement with this mutual adequacy arrangement, Japan and the EU reaffirm their commitment to shared values in the field of privacy, and to strengthen their cooperation in shaping global standards based on a high level of protection of personal data. The EU and Japan affirm that, in the digital era, promoting high privacy and personal data protection standards and facilitating international trade must and can go hand in hand.

And how can companies benefit from it? As EU Commissioner Věra Jourová stated

This adequacy decision creates the world's largest area of safe data flows. Europeans' data will benefit from high privacy standards when their data is transferred to Japan. Our companies will also benefit from a privileged access to a 127 million consumers' market. Investing in privacy pays off; this arrangement will serve as an example for future partnerships in this key area and help setting global standards.

Some further good news are still on the list, as future adequacy negotiations with other countries are soon to follow; however, until then and to be able to adhere quickly to the new rules, it is highly advisable to overview the personal data transferring practice and ensure a certain level of compliance prescribed by the GDPR.







欧州委員会は、今までにアメリカ、イスラエル、スイス、カナダなど、いくつかの国は十分な保護を提供していると認めてきました。日本と韓国とは協議が進行中でしたが、2018年5月25日施行開始時には欧州委員会によって採択されていませんでした。 この度、欧州委員会と日本は、互いのデータ保護システムを「同等」として認めることに合意したと発表しました。これはEUと日本の間でデータが安全に流通することが可能になります。EUと日本の間で個人データの転送が相互妥当性の取り決めに関する声明で概説され、日本とEUは、プライバシー分野における共通価値観へのコミットメントを再確認し、個人データの高度な保護に基づくグローバルスタンダードの形成における協力を強化しています。 EUと日本の間では、デジタル時代においてプライバシーと個人データ保護基準を推進し、国際貿易促進により密接に関係を深めることを確信します。

各企業は本内容から益を得るでしょうか? EU委員長のVěra Jourová氏は次のように言及しました。「世界最大の安全かつ円滑なデータ流通の機会が実現し、

EU市民のデータが高度なプライバシー基準で守られ1億2,700万人の日本消費者市場へアクセスできる特権から利益を得ることでしょう。プライバシーへの投資は効果をもたらします。この取決めはこの重要分野における将来のパートナーシップの一例として役立ち、世界標準の設定に役立ちます。」 他国々との十分性認定の交渉が間もなく続き、さらにいくつか数か国リストが紹介されることでしょう。ただしそれまでには、また新しい規則を迅速に順守ができるよう個人データ転送方法を概説し、GDPRが規定する一定レベルのコンプライアンス遵守を確保することを強くお勧めします。

Did you find this useful?