Overview
The cross-border transfer of personal data is a complex and evolving area
In Europe, the commencement in May 2018 of the General Data Protection Regulation (GDPR) ushered in a new era of control and transparency for the greater benefit of data subjects but with that comes a regulatory and compliance impost on the collectors of personal data.
In Australia, the introduction in February 2018 of the Notifiable Data Breach scheme has some important ramifications for offshoring and outsourcing.
In this group of topics, therefore, we highlight key issues in the current regulatory landscape affecting cross-border transfers of personal data, starting with a consideration of what is meant by the term “personal data”.
As a general guide, personal data in Australia may
Businesses operating in Asia, or who engage service providers with operations in Asia, need to be across the potential regulatory impacts in force in other jurisdictions that could apply. This subtopic takes a closer look at Indonesia, China, Malaysia and Singapore each of which have or are in the process of introducing new, cybersecurity-specific legislation.
The Asia-Pacific region is incredibly diverse and this diversity is reflected in the levels of cyber sophistication to be found throughout the region. The region has some of the most cyber-sophisticated countries according to the Global Cybersecurity Index 2017 (GCI) — Singapore, for example, was ranked number 1 out of 193 countries. The GCI measures regulatory commitment to cybersecurity and is produced by the United Nations
The opportunities presented by cloud computing make this technology one of the most important IT developments in recent years, with both the private and public spheres increasing their uptake of cloud services. Workplace environment transformations, increased collaboration, shared or remote workspaces, and flexible work arrangements, have all encouraged the proliferation of cloud computing.
The Australian Signals Directorate (ASD), adopting the definition developed by the National Institute of Standards and Technology (NIST), defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (eg networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
But with increased opportunity there is also corresponding
View all Data protection aspects of cloud computing guidance
Handing over personal data at work is an activity that most people accept is just a normal part of their job.
But for employers, and their lawyers, it is crucial to be aware of the rules regulating employee data, especially if employers are operating in more than one jurisdiction. As it will become apparent in this guidance note, different jurisdictions take very different approaches to regulating employee data which can cause confusion and may result in unnecessary penalties.
There are many questions that different data protection laws have attempted to answer worldwide. For example, when a jobseeker completes an online application, or hands over their CV, are they relinquishing ownership of that personal information? Do they need to provide consent if their
Guidance
Understanding personal data
What is personal data?
Complying with transfer of personal data obligations under Australian law
Personal data obligations under Commonwealth statute
Identifying requirements for transferring personal data overseas
Scope | Transferring personal data overseas
Overview of data requirements in Asia
Data requirements in Asia | Businesses operating in Asia
Checklists
Data security - Checklist for De-identification of personal information
A. Mitchell, Unisys
Checklist for Complying with both the Privacy Act and the GDPR
S. Sharma, S. Field and B. Tomlinson, Maddocks
Privacy - Checklist for Privacy policy
S. Sharma, Special Counsel, Maddocks
Cybersecurity strategy - Checklist for Overall cybersecurity strategy
P. Fair and S. Lee, Baker McKenzie
Data security - Checklist for Data security audit plan
A. Mitchell, Unisys
Workflow Checklist: Exceptions to notification obligations
D. Kneller, Madgwicks Lawyers
Data Breach Assessment Guideline
P. Fair and S. Lee, Baker McKenzie
Checklist for Ensuring data protection compliance
P. Fair and S. Lee, Baker McKenzie
Privacy - Internal privacy guidelines for staff
S. Sharma, Special Counsel, Maddocks
Cybersecurity strategy - Checklist for remote working
LexisNexis Legal Writer Team
EU General Data Protection Regulation (GDPR) - Compliance checklist
S. Sharma, S. Field and B. Tomlinson, Maddocks
Checklist for computer and device use
P. Fair and S. Lee, Baker McKenzie
Checklist for Transfers of personal data outside the European Economic Area
S. Sharma, S. Field and B. Tomlinson, Maddocks
Checklist for Data breach response guideline
P. Fair and S. Lee, Baker McKenzie
Privacy - Checklist for direct marketing
S. Sharma and E. Lau, Maddocks
Workflow Checklist: Identifying when a data breach is notifiable
D. Kneller, Madgwicks Lawyers
Data security - Checklist for Disaster recovery planning
A. Mitchell, Unisys
Workflow Checklist: Assessing a suspected data breach
D. Kneller, Madgwicks Lawyers
Checklist for Staff training on data protection compliance
P. Fair and S. Lee, Baker McKenzie
EU general data protection regulation (GDPR) - Checklist for controller versus processor
S. Sharma, Special Counsel and B. Tomlinson, Partner, Maddocks
Threshold compliance checklist - GDPR and the Privacy Act
S. Sharma, S. Field and B. Tomlinson, Maddocks
Privacy by design - practical checklist
S. Sharma, Maddocks
Workflow Checklist: Content of notification
D. Kneller, Madgwicks Lawyers

Legislation

- Understanding personal data
- Complying with transfer of personal data obligations under Australian law
- Identifying requirements for transferring personal data overseas
- Identifying how information is stored & accessed within a cloud environment
- Common data and cybersecurity standards
- Understanding employee data privacy obligations in Europe