Unity in Diversity

Working locally, thinking globally

While business and technology are increasingly without borders, privacy laws certainly are not. Like the cultures they emanate from, privacy laws differ considerably across the Asia Pacific. This tension between global business needs and local legal requirements gave rise to the OECD’s privacy principles back in 1980, but 39 years later there is still considerable work to do before we can begin to imagine a future where privacy laws are ‘harmonised’. In developing or strengthening privacy legislation, many countries in the Asia Pacific region have taken inspiration from the European Union (EU) General Data Protection Regulation (GDPR), by either adopting, or planning to adopt, similar or more stringent regulations. An example can be found in Japan, whereby in 2019 it received an adequacy approval from the European Commission, enabling frictionless data sharing between the EU and Japan. In many respects, the GDPR has been the most successful privacy law to date in terms of moving towards global harmonisation and having an impact right across the Asia Pacific region, directly and indirectly.

Introducing this Guide

This Deloitte Asia Pacific Privacy Guide, in its second edition, expands on the original and highlights more granular privacy considerations when handling personal information. The intended audience for this guide are business, risk and compliance specialists who may have privacy management within their remit, but who may not have a deep understanding of the nuances in privacy requirements across the Asia Pacific.

We hope it will be a solid starting point to help guide you in your role but we always encourage consultation with a privacy specialist. Given this is a point in time snapshot of the privacy framework in the region, and to ensure you have the most up-to-date information on requirements, please follow the links to the official resources we have provided for each location, where available.