International Data Privacy Day 

AP Cyber – Data and Privacy capabilities in Asia Pacific

Managing privacy and personal data are complex, and the consequences of getting them wrong are significant. A large-scale violation of privacy through the misuse, loss or breach of data will result in widespread loss of trust and a number of other serious commercial, reputational, legal and regulatory consequences. The upside of getting it right is the ability to use personal data responsibly to enable business opportunities and enhance trust. Building trust through responsible and ethical data use is fundamental for the sustainable success of any organisation.

Recent technological advances mean that organisations process, and have access to, more data than ever before. Across Asia Pacific, privacy and data protection legislations are evolving fast and rules are getting stricter. While the focus is understandably on being compliant with legislation, at Deloitte we also see the opportunities that various privacy and data protection challenges bring.

Read our new AP Cyber Data and Privacy brochure​, which outlines why privacy and data protection is so important and provides an overview of our capabilities across Asia Pacific.

Asia Pacific Data Localisation Guide 2023

In efforts to control the dissemination and use of local information in an increasingly connected digital world, nations around the globe–including in the Asia Pacific region–are requiring that certain data originating within their borders stay within their borders, or that a copy remain within jurisdictional boundaries. Others are considering such legislation as well. To comply, organisations may need to localise the processing, storage, analysis, and all other uses of the data they collect.

Localising can have a positive effect: it can help protect data privacy and improve data security. But data localisation can also pose challenges, not only to compliance but also to simply doing business.

Adding to the complexity is the fact that each requirement is unique. The resulting legislation patchwork can be confusing.

To help businesses and compliance specialists understand the nuances of existing laws and anticipate those under consideration, we’ve compiled the Deloitte Asia Pacific Data Localisation Guide 2023, a compendium of data localisation laws, regulations, amendments, and requirements as well as proposals.

For each mandate we provide:

• Overview and summary, including its status (approved or pending)
• Applicability: to whom it applies
• Types of data to which it pertains
• Specific requirements
• Penalties
• Exemptions
• Link to the full regulation

We hope the guide will prove valuable to organisations navigating data localisation requirements across the Asia Pacific region. 

Understanding the Digital Personal Data Protection Bill (DPDPB)

The Ministry of Electronics and Information Technology recently published the draft Digital Personal Data Protection Bill, 2022 (“DPDPB, “Proposed Law”) on 18 November 2022 for public consultation.

The current draft is a significant change from its predecessor drafts and is more open ended, leaving much to be prescribed by the Central Government. It’s a simplified version attempting to strike a balance between privacy rights, data protection and a digitally progressing economy.

Here’s a ready reckoner that provides an analysis of the key provisions of the proposed law, their impact on businesses, and our recommendations on the way forward for your readiness journey.

Best practices and tips to help you protect your data

Coming soon