Considerations for Asian private banks on post-GDPR jurisdictional data protection laws

Mark Parsons was interviewed by Asian Private Banker about the key considerations for Asian private banks with regard to jurisdictional data protection laws post-GDPR. Mark explained that for private banks in Asia, the reform of data protection rules led by the GDPR may lead to conflicting requirements across jurisdictions.

Mark commented, “Private banks need to look carefully at the laws in the jurisdictions in which they operate and unfortunately this may well raise conflicting requirements, where one jurisdiction is demanding data which cannot be provided from the other.”

Regulators of different jurisdictions are motivated by different reasons when developing requirements for data localisation. “For developing economies in particular, data localisation seeks to encourage the development of a domestic IT industry, with the construction of data centres and investment in the related industry locally. Sometimes it’s a mix of these considerations,” added Mark.

Looking at recent developments, Mark explained, “Beside the legislative reform within EU banning data localisation restrictions, another recent development is that the EU has established a bilateral agreement with Japan to allow the free flow of data. As the EU reviews its approach to adequacy post-GDPR, it is foreseeable that there will be more bilateral agreements similar to this…Ideally, there would be an international network for information transfers to facilitate more consistent dataflows, but we are a long way off from achieving this.”

Click here to read the full article.