Japan: Personal Information Protection Commission releases checkpoints to ensure compliance with the Amended Act on the Protection of Personal Information

On 18 February 2022, the Personal Information Protection Commission (PPC) published a list of checkpoints for small and medium-sized enterprises before the amendments to the Protection of Personal Information Act are enforced. The list outlines the actions that any entity has to take in certain scenarios, including data breaches and cross-border data sharing with third parties. Regarding data breaches, companies are required to report incidents to the PPC and notify the affected individual. Regarding cross-border data sharing with third parties, companies must introduce safety management measures to ensure the protection of personal information and must receive consent from individuals regarding the handling of their data by a third party. Generally, companies must be transparent with regard to their data processing practices and safety measures.