Almost a year after the EU’s General Data
Protection Regulation (GDPR) came into force, in-house counsel
have told IFLR that lax standards in Asia make it challenging
for organisations to meet the high regulation’s
high standards. Some are making structural amendments to ensure
EU branches are dealing with EU clients.
Most globally active banks will have implemented robust GDPR
compliance frameworks well in advance of the
regulation’s May 2018 implementation date.
However, that may not be the case for all banks in Asia, said
Rebecca Terner Lentchner, head of government relations and
public policy APAC, BNY Mellon.
By some estimates, under 12% of
Asia Pacific-based firms were fully ready for GDPR last
May. "The biggest challenges arise from the
extraterritorial nature of the GDPR, Asian firms’
lack of familiarity with European regulatory adherence, and the
stiff penalties for noncompliance, including breach
notifications," said Lentchner.