Data Protection

India's data protection law is already being criticized, with some claiming it does too little by not giving the data protection authority sufficient power to bring violators to justice; and others fearing it goes too far with the potential for mass surveillance

Selling customer data such as banking records, vehicle registration and mobile phone usage is big business in China. Recent data theft of 130 million clients of Huazhu Hotels Group saw the stolen payment and contact information going for about US$56,000.

Many regulators prefer voluntary GDPR compliance, but are prepared to back that up with tough action when required. This is why your reporting must be ‘regulator ready’.

Financial market regulators from outside the EU are now seeking GDPR exemptions for the purpose of "public interest", for example cracking down on securities fraud, including the SEC in the U.S. as well as regulators in Japan and Hong Kong.

The California Consumer Privacy Act (CCPA) is the latest in privacy compliance. Although not as comprehensive as what is provided by the GDPR, there are useful operational overlap that can help with compliance with the CCPA.

Majority of CEOs may severely underestimate the consequences of GDPR non-compliance, and more worrisome are unaware of what had to be done or had been done by their staff to implement compliance measures.

While the legitimate interests ground for processing under the GDPR can be lawfully applied in many cases, a provisional balance should be established by data controllers with more safeguards for the protection of data subjects.

Mobile applications collect a lot of personal data. What are the GDPR considerations for mobile app businesses when laying out the concept and execution of their application?

The General Data Protection Regulation (GDPR) implementation date has arrived. What are the behind-the-scenes work that political parties around the world have to undertake to ensure compliance?

Developing an effective privacy management infrastructure for GDPR compliance seems daunting. How do you prioritize to meet GDPR accountability obligations?