GCs Seek Balance as Data Protection Laws Increase in Asian Region

Topics: Asia Pacific, Client Relations, Corporate Legal, Cybersecurity, Law Firms, Legal Innovation, Thomson Reuters


As data protection laws proliferate across the Asian region, general counsel must be savvy when it comes to seeking out solutions.

The increasing prevalence of data protection legislation across Asia Pacific is upping the pressure on in-house counsel that often have to deal with disparate regimes across multiple jurisdictions.

One way to adapt to the myriad changes is to embrace innovative technology solutions that make information governance and compliance easier for both private practitioners and general counsel working on data protection issues. A wider array of online platforms has made it possible for companies to check whether they are data compliant around the world. Technology-backed regulatory compliance solutions provide e-learning, certification, registers and templates. These solutions help institutions that require organization-wide reach to manage regulatory processes, collect information and stay current.

In broad strokes, in-house and outside counsel have different areas of responsibility when it comes to compliance, particularly when effective systems are in place. “It’s a generalization, but law firms will be relied upon to provide technical advice about a local data protection regime and perhaps to draft contract language and amendments or client consent documents to ensure local legal compliance,” says Sharyn Ch’ang, global counsel at PricewaterhouseCoopers (PwC). “In contrast, in-house counsel are more likely to be tasked with developing a company’s data protection policy, devising or having input on employee education, testing for compliance, and working closely on a cross-functional basis with IT and security colleagues to put in place appropriate internal processes. For instance, on a proactive basis, we collaboratively developed a comprehensive data loss protocol.”

For law firms, it is harder collaborate this closely unless they are given the same level of access. “If you are a multinational company and you’re operating in 20 jurisdictions, you’ve got to make sure you’re compliant with every data protection law,” says Paul Haswell, a partner at Pinsent Masons. “That’s where it becomes quite costly and that’s really where counsel are having headaches. As we do more work in data protection, and with the world becoming an increasingly small place, there will be more automation.”

“If you are a multinational company and you’re operating in 20 jurisdictions, you’ve got to make sure you’re compliant with every data protection law.” — Paul Haswell of Pinsent Masons

Ch’ang says she was PwC’s first Asia regional data protection leader and recalls having to deal with the various jurisdictions as they introduced new data protection laws. “Driving internal consistency on data protection, which is particularly important where data flows cross-border, is not an easy task if you don’t have the imprimatur of senior management to implement the necessary changes,” she explains.

Although the use of technology for this purpose is still at an experimental phase, it could help by cutting down on the amount of legal work associated with regulatory compliance. And as technology advances, the number of solutions available should expand.

“We will, of course, build upon that kind of worldwide service delivery. In addition, we are seeking to use more AI (artificial intelligence) throughout our business,” says Pinsent Masons partner Bryan Tan. “We haven’t done this in a live project yet. But from our experience while dealing with compliance issues the old-school spreadsheet type of way, we noticed that maybe we can cut down 80% of the work. This will let lawyers concentrate on the analysis in the context.”

You can read the full article on the website of Thomson Reuters’ Asian Legal Business.