As data protection legislation is becoming more established around the world, with influential laws such as the European Union’s General Data Protection Regulation (EU GDPR) and China’s Personal Information Protection Law (PIPL) leading the way, data protection professionals need to take a broader view.
This is the opinion of Sarah Wang Han, Head of Research at Straits Interactive, and a data privacy consultant who has studied Chinese data protection legislation.
“Organisations need to know that for certain regions, for certain countries, there are different data privacy requirements. These are countries that may require data localisation, or classified data, and if you are doing business or dealing with personal data there, you need to be very clear about what is required,” she said.
“Can you transfer the personal data [from one country to another]? Can you get the personal data from a country? These are questions you need to know the answer to, as this will affect your business. So of course you need to know the differences in data protection for those jurisdictions,” said Han, who has a Master of Laws from Hunan University.