General Data Protection Regulation: Are Asian Corporates Ready?
Kathryn Weaver
Co-OMP | Partner | International Employment Lawyer | Regional Head of Employment at Seyfarth Shaw | Mentor | Statutory, Advisory and Editorial Board Member for Various Companies
At our GDPR breakfast seminars being held in Hong Kong on March 13th and in Singapore on March 15th, Alex Milner-Smith of Lewis Silkin LLP (and Lionel Tan of Rajah & Tann for the Singapore session) will discuss the implications for businesses in Asia of the EU GDPR, which comes into force on 25 May 2018, as well as what steps can be taken to ensure compliance and avoid potential penalties.
The GDPR will be applicable to the processing of personal data both inside and outside of the EU. This will have wide-reaching implications for any business handling data pertaining to EU citizens, wherever in the world that business is based. In this respect, companies in Asia Pacific that collate, process or store the personal data of EU clients or customers to whom they provide services or products, or the personal data of their EU employees, should be aware of the following key aspects of the GDPR:
What is the GDPR and why is it being implemented?
The GDPR was adopted in 2016 and is the first new EU-wide data protection legislation since the Data Protection Directive of 1995. The need to create binding regulations to protect the data of EU residents has become crucial in recent years, as the aging Data Protection Directive did not account for the widespread use of the internet, smartphones, and social media, for example. The concepts and language of the GDPR are similar to those of the old legislation, but it will unify the regulation of data protection within the EU and update it for the times, encompassing many of the new realities of how businesses work and interface with customers.
What changes will the GDPR bring about?
The GDPR will require businesses not only to comply with data protection principles, but also to demonstrate compliance through records and other means. There will be penalties for breaches of the GDPR, with fines reaching up to 4% of worldwide revenue. These penalties can vary in severity depending on a range of factors, including the actions taken to mitigate the damage and the nature and gravity of the infringement. An important point is that the GDPR will have international reach and will apply to the processing of the personal data of any EU resident (be they an employee, customer or otherwise).
What can businesses do to prepare for the GDPR and why is it important to start now?
Many businesses in the EU have already prepared for these changes over the last two years, but others, especially in the Asia Pacific region, have not. Small to medium-sized companies conducting business within the EU or with EU citizens are most likely to be “caught out” by the GDPR, because they have fewer resources to deal with it, are less likely to be aware of the implications and may struggle with paying the penalties if found to be in breach. Moreover, because there was a two-year transitionary period preceding the GDPR coming into force, there will be no grace period. However, there is still just about enough time to prepare for the GDPR. Some of the steps that can be taken are to minimise the data collected, as well as to ensure that detailed records are maintained for any data processing activities.
The full scope and implications of the GDPR, as well as how companies can prepare for it, will be covered in depth at the seminars. The seminars are hosted by Lewis Silkin, in collaboration with Rajah & Tann for the Singapore session. More information is available here.
Total Rewards & Human Resources Strategist | Executive Coach (IAC Certified Coach) | Authorised Instructor of IC Agile | Hogan Assessment
6 years ago: It is a very useful session this morning. Thank you for organising the event.