Data requirements in Asia

Businesses that operate in Asia, or that engage service providers with operations in Asia, need to be across the potential impact of regulations in force in other jurisdictions that could apply. This subtopic takes a closer look at Indonesia, China, Malaysia and Singapore, each of which has introduced, or is in the process of introducing, new cybersecurity-specific legislation.

The Asia-Pacific region is incredibly diverse and this diversity is reflected in the levels of cyber sophistication to be found throughout the region. The region has some of the most cyber-sophisticated countries according to the Global Cybersecurity Index 2017 (GCI) — Singapore, for example, was ranked number 1 out of 193 countries. The GCI measures regulatory commitment to cybersecurity and is produced by the United Nations International Telecommunication Union.

In September 2018, 10 Association of Southeast Asian Nations (ASEAN) nations announced that they would create a framework for cooperation on cybersecurity. The framework will focus on greater regulatory cooperation and on the introduction of more comprehensive cybersecurity laws.

Indonesia, China, Malaysia and Singapore’s new laws all have one thing in common — they all implement measures to protect Critical Information Infrastructure (CII). The meaning of this term differs between jurisdictions, but it can be anything from healthcare to transport to financial services. In all jurisdictions, entities that operate CII will be subject to more onerous requirements than other organisations and individuals.

As well as insight into the regulation of CII, this subtopic provides practical tips about:

  • Developments in Indonesia, including the establishment of a new cyber agency under direct presidential control;

See Understanding the regulatory framework in Indonesia.

  • China’s new cybersecurity law, which introduces new responsibilities for a huge variety of organisations, including multinational corporations. In a complex regulatory landscape, lawyers and their clients are urged to keep a close eye on the interpretation and implementation of cybersecurity laws in China;

See Understanding the regulatory framework in China.

  • Malaysia’s new cybersecurity law, yet to commence, and Malaysia’s current regulation of cybersecurity and personal data, including who regulates it. Malaysia is well placed to enforce its new law, with a single agency dedicated to cybersecurity, a government committed to overcoming cybersecurity issues and a well-established record on personal data protection;

See Understanding the regulatory framework in Malaysia.

  • Singapore’s new cybersecurity Bill and how it relates to Singapore’s strong existing legislation on cybersecurity and data protection, as well as the practical application of Singapore’s existing personal data protection acts.

See Understanding the regulatory framework in Singapore.