ArrowArtboardCreated with Sketch.Title ChevronCrossEye IconIcon FacebookIcon LinkedinIcon Mail ContactPath LayerIcon MailMenu BurgerPositive ArrowIcon PrintIcon SearchSite TitleTitle ChevronIcon Twitter
Politics

Japan and EU reach data transfer agreement

Tokyo to set GDPR-compliant rules this summer as business rushes to keep up

  © Kyodo

TOKYO -- Japan and the European Union agreed in substance on Thursday to allow the movement of personal information between their jurisdictions as soon as this fall, as Tokyo works to update rules for how Japanese corporations manage user data to meet the EU's new privacy law.

Vera Jourova, the European justice commissioner, told reporters here that she had made progress on reconciling protection standards in her meeting with Haruhi Kumazawa, an official on Japan's Personal Information Protection Commission.

Having an agreed-on framework in place would ease the administrative burden on Japanese companies seeking to comply with the new law, for which even big corporations remain woefully unprepared

The EU's General Data Protection Regulation, which went into force this month, tightly restricts the movement of European personal data out of the bloc. The rules allow transfers only to jurisdictions that meet EU privacy standards. Switzerland and 10 other places have been approved so far, but Japan is not on that list.

Companies in unapproved countries must ask users' for permission to move their information outside the EU, or they must enter into data transfer contracts modeled after ones prepared by European authorities. 

Japan put a new data protection law into effect last May and plans to add further guidelines for safeguarding European data. Labor union membership, for example, will be treated as personal information requiring special care. Jourova also said the EU wants to check Japan's restrictions on government access to personal data.

The GDPR also requires companies to put in place safeguards on EU nationals' information even when it remains within the bloc. Businesses must have a system to quickly alert authorities in the event of a data leak.

Jourova said the EU will first monitor compliance by organizations that process large volumes of data or handle sensitive information, such as medical care providers and insurers.

Fines for violating the GDPR amount to 4% of yearly global sales or a maximum of 20 million euros ($23.3 million), whichever is higher. Even some EU member countries are behind on bringing their domestic regulations in line with GDPR standards.

Sponsored Content

About Sponsored Content This content was commissioned by Nikkei's Global Business Bureau.

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this monthThis is your last free article this month

Stay ahead with our exclusives on Asia;
the most dynamic market in the world.

Stay ahead with our exclusives on Asia

Get trusted insights from experts within Asia itself.

Get trusted insights from experts
within Asia itself.

Get Unlimited access

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this month

This is your last free article this month

Stay ahead with our exclusives on Asia; the most
dynamic market in the world
.

Get trusted insights from experts
within Asia itself.

Try 3 months for $9

Offer ends January 31st

Your trial period has expired

You need a subscription to...

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers and subscribe

Your full access to the Nikkei Asian Review has expired

You need a subscription to:

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers
NAR on print phone, device, and tablet media