Japan and the European Union have agreed on a mutual data protection framework. This allows for a better exchange of data between companies and hence leads to further business opportunities. Our “Digitorney Lexshot“ provides a quick overview:
>> From the European perspective:
– Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) or the consent of the data subject are not needed anymore. This leads to a significant reduction of documentation.
– However, companies from the EU must still assess whether a legal reason for the data transfer to Japan exists since any data transfer from the EU to a third party is subject to the general requirements for a data transfer according to the GDPR.
>> From the Japanese perspective:
– Consent of the data subject or contractual agreements between Japanese data exporter and European data recipient are not necessary anymore.
– However, any transfer of personal data (e.g. employee or customer data) to third parties in Japan or abroad needs consent of the concerned data subject unless the recipient qualifies as “joint user” of the data.
– Japanese companies receiving personal data from the EU need to fulfill specific guarantees due to new supplementary rules: e.g. limitation of purpose in terms of processing and forwarding data to a place outside Japan.
– If companies from Japan shall share personal data with European entities in future, this should be disclosed in the purpose of use. In terms of personal data collected in the past, persons must be asked for their consent to the new purpose of use.
Disclaimer: Please note that the contents of this article may not be seen or construed as legal advice but merely for information purpose only. Advice may only be given on an individual case to case basis upon specific instruction and mandate.
