Hogan Lovells - Asia-Pacific Data, Privacy and Cybersecurity Guide 2025 - Flipbook - Page 8
8
8
Hogan Lovells
a few data protection laws in APAC, but the
benefits of doing so are clear. Managing data
protection compliance risk through a project
management structure with designated points
of accountability and appropriate management
oversight significantly improves the
organisation’s ability to avoid increasingly
costly adverse publicity, investigations,
and fines.
Data protection compliance strategies
for APAC
With APAC region data protection standards
on the rise, and with lawmakers now showing
great resolve to punish those who fail to meet
the mark, multinational organisations have a
good reason to develop coordinated regional
strategies for compliance.
GDPR compliance programmes have provided
a blueprint for organisations seeking a systemic
approach to compliance. The introduction
of the Personal Information Protection Law
(the PIPL) in China has brought the GDPR
reference point closer to home. Extending a
GDPR-compliance programme to operations in
the APAC region would be “over compliance”
in a number of key aspects and, at the same
time, would miss important national law
requirements that can, in some respects, exceed
GDPR requirements or implement principles
consistent with GDPR in different ways.
Smart data protection compliance in APAC,
therefore, requires a local view. It also requires
a regional view, given there is significant
efficiency to be gained from developing a
compliance programme for APAC that reflects
the rising “high water mark” and so avoids
“re-inventing the wheel” for each jurisdiction.
Organisations take different approaches to
compliance for different reasons, but there is
now a proven process for taking a GDPR
compliance programme as the basis where it
applies, then stripping out elements which
have no application in the relevant APAC
