
EU - Japan: GDPR v. APPI

In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Act on the Protection of Personal Information (Act No. 57 of 2003 as amended in 2020) (APPI).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the APPI and the Regulations with the GDPR.

You can access the latest version of the report here.

What is the APPI?

The APPI aims to provide protections for individuals and their personal data, as well as requirements for businesses regarding the collection, processing, transfer, use, storage, and maintenance of customer and employee data. It was originally passed in 2003. It has since been updated in 2015, and again in 2020, with the amendments entering into effect on April 1, 2022. The amended APPI introduced strengthened requirements for cross-border data transfers and data breach reporting, among other things.

Key highlights

The APPI and the GDPR share some similarities, as follows:

  • defining personal data as information that can be used to identify an individual;
  • establishing obligations for operators or controllers/processors who handle personal data;
  • containing provisions for special or sensitive information; and
  • including an extraterritorial scope.

However, despite their similarities, the APPI and the GDPR also differ in certain aspects, including:

  • unlike the GDPR, the APPI only refers to personal information controllers and does not distinguish between data controllers and data processors;
  • certain provisions in the APPI apply to retained personal data, while the GDPR does not make this differentiation; and
  • the GDPR contains provisions regarding children, processing for research purposes, and specifications on how to obtain consent, which are not addressed in the APPI.