ArrowArtboardCreated with Sketch.Title ChevronTitle ChevronEye IconIcon FacebookIcon LinkedinIcon Mail ContactPath LayerIcon MailMenu BurgerPositive ArrowIcon PrintIcon SearchSite TitleTitle ChevronIcon Twitter
Business trends

Half of big Japanese companies fall short on Europe's data rules

Lack of progress one year on puts cross-border information flows at risk

Many Japanese companies risk running afoul the EU's data privacy protection rules.

TOKYO -- A year after the European Union imposed tough new rules governing the collection of personal data, nearly half of major Japanese companies have yet to fully comply -- an increasingly risky state of affairs as Brussels cracks down on violators.

Ninety-one of 100 companies surveyed by Nikkei said they were subject to the General Data Protection Regulation, for such reasons as having customers in Europe. Of these, 41 still had some or a significant amount of work to do to come into compliance as of Thursday. While this is an improvement from the survey conducted just before the new regulations took effect last May, when 70 companies said they were not fully ready, corporate Japan still has a long way to go.

Not only do violators potentially face fines of up to 20 million euros ($22.3 million) or 4% of annual global revenue, whichever is higher, but noncompliance also risks damaging trust in Japanese companies' handling of consumer data more generally.

The EU in January deemed Japan to have a comparable level of data protection regulation to its own, making it easier for Japanese businesses to transfer data out of Europe. But this so-called adequacy decision will come up for review after two years, and application of the rules will be taken into account.

The GDPR imposes strict standards on the collection and use of personal data by companies and organizations. Even given that the regulations set a high bar to clear, corporate Japan lags noticeably behind other countries.

As to the reasons for the discrepancy, some familiar with the situation -- including attorneys advising businesses on GDPR compliance -- suggest that there is a lack of urgency because Brussels has yet to take action against any Japanese enterprises.

"We were waiting to see what other Japanese companies did," said a representative at a large homebuilder that said it still had much work to do to comply with the EU rules.

The adequacy decision itself also may have lulled some into complacency. "A lot of companies misunderstood it to mean that they were now compliant with GDPR," a representative of a major consulting firm said.

Brussels started going after violators in earnest in the latter half of 2018. About 206,000 cases were reported in the first nine months of GDPR implementation, with a total of roughly 56 million euros in fines imposed by authorities in 11 countries, according to the European Data Protection Board, which is in charge of applying the regulations.

"The wave of crackdowns will reach Japan," said Izumi Umezawa of EY Advisory & Consulting. Companies "need to analyze the situation and get ready," Umezawa said.

Sponsored Content

About Sponsored Content This content was commissioned by Nikkei's Global Business Bureau.

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this monthThis is your last free article this month

Stay ahead with our exclusives on Asia;
the most dynamic market in the world.

Stay ahead with our exclusives on Asia

Get trusted insights from experts within Asia itself.

Get trusted insights from experts
within Asia itself.

Get Unlimited access

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this month

This is your last free article this month

Stay ahead with our exclusives on Asia; the most
dynamic market in the world
.

Get trusted insights from experts
within Asia itself.

Try 3 months for $9

Offer ends June 30th

Your trial period has expired

You need a subscription to...

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers and subscribe

Your full access to the Nikkei Asian Review has expired

You need a subscription to:

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers
NAR on print phone, device, and tablet media