The document discusses the impact of the GDPR on Asia, highlighting the region's diverse economies and unique challenges regarding data protection and compliance. It outlines key issues such as lack of standardization, the need for capacity building, and the complexity of implementing GDPR regulations. The author emphasizes the necessity for collaborative approaches and tailored policy interventions to address the specific challenges faced by developing and least developed countries in Asia.

1. Public comment on GDPR and its effect on Asia
Name: ShreedeepRayamajhi
Profession Journalist|Blogger|Activist
Constituency NCUC
Experience |
Expertise
InternetGovernance Policy|FoE|internetLeadership(youth)
Asiahas beenone of the biggestregionwiththe challenge of having differenteconomiesfrom
developedtodevelopingtothe leastdeveloping countries.The variouseconomiesaccelerateinthe
processof creatingbetterinternetstandardizationwhere eachandeverycountryhasitsownunique
challengesanddiversity. The newGDPRhasbeenanissue of debate inandamong the various
stakeholdersaboutthe mitigationprocesscreatingawide ripple of concern. Due tolack of
standardization,Asiasuffersthe mostconsequencesdue toawareness,capacitybuilding, policies,
diversity,language,infrastructure, etc. otherthanthatcommunication andcollaborationsseemstobe
yetanothermajorchallenge inthe mitigationprocessof creatingabetterpolicyenvironment.
The basic challenges forGDPRincontextof Asia:
1. The GDPR coversthe companiesthatcollectdataon citizensinEU countrieswill needtocomply
withstrictnewrulesaroundprotectingcustomerdataby May 25.
2. GDPR is expectedtosetanewstandardfor consumerrightsregardingtheirdata,butcompanies
will be challengedastheyputsystemsandprocessesinplace tocomply dependingupontheir
countriesrulesandregulation.
3. Compliance willcause some concernsandnew expectationsof securityteams.Forexample,the
GDPR takesa wide viewof whatconstitutes personalidentificationinformation.Companieswill
needthe same level of protectionforthingslike anindividual’sIPaddressorcookie dataasthey
do forname,addressand Social Securitynumber.
4. The law alsoprovidescleartermsforcompaniesto provide a“reasonable”level of protection
for personal data,forexample,butdoesnotdefine whatconstitutes“reasonable.”Thisgives
the GDPR governingbodya lotof leewaywhenitcomestoassessingfinesfordatabreachesand
non-compliance.
5. The Court of Justice of the EuropeanUnionhasalso alreadyprovidedbasicguidelinesonthe
determiningfactoristhe company’sintentiontotargetEU citizens,e.g.if the foreigncompany
website mentionedEurocurrency(e.g.inthe jobpostings),offeredmultilingual options
(comprisingEUlanguages) orcontainedanyotheraspectwhichwasintendedforthe exclusive
benefitof EU residents;itwouldthenbe deemedtotargetsuchpopulation,hence,such
companywouldfall underGDPR’sumbrella.
6. The GDPR places equal liabilityondatacontrollers(the organizationthatownsthe data) and
data processors(outside organizationsthathelpmanage thatdata).A third-partyprocessornot
incompliance meansyourorganizationisnotincompliance.The new regulationalsohasstrict
rulesforreportingbreachesthateveryone inthe chainmustbe able tocomplywith.

2. Public comment on GDPR and its effect on Asia
Organizationsmustalsoinformcustomersof theirrightsunderGDPR. Whatthismeansisthat
all existingcontractswithprocessors(e.g.,cloudproviders, SaaSvendors,orpayroll service
providers) andcustomersneedtospell outresponsibilities.The revisedcontractsalsoneedto
define consistentprocessesforhow dataismanagedand protected,andhow breachesare
reported.
At regional level Asiamaybe consideredtobe verywell adaptedbutlookingatitfrom the major issues
of challengesondigital rightsandprivacy,there seemstobe greatwork done inthe processof creating
feasible environmentforadaptationforthe GDPR. Withthe lackof properstandardization anddigital
rightshas beenanissueswhichsimplyfocusesmore towards the compliance of GDPRinAsia.
Asianeedsmore time notjustintermsof GDPR but increatinga definite standardizationinthe overall
processof digital rightsandprivacy.The GDPR will directlyaffectsmostof the countriesasAsian
economyiswell supportedbytourismandotherservice industrywhere protectionof dataisa major
challenge.
1. More collaborative approach of research,surveys andtime needstobe givenunderstandingthe
challengesandcomplicationof Asia
2. Focused Capacitybuildingandawareness atvariouslevelisapriority
3. Betterpolicyinterventionand standardizationpolicycreatingmore feasibilityof accepting
GDPR as a uniformsystem
4. Communitystakeholderconsultation
GDPR seemstobe merelyanissue of enactmentfordevelopednationbutfordevelopingandleast
developedcountriesinAsiawhere thereare challengesof access,infrastructuresandevenpolicies,the
GDPR is silentaboutmanyissuesof mitigationandadaptation.The EUneedstofurtherworkon creating
a strategicinterventionof howtheywill deal withthe issuesof Asia.Aslistedabove the problemsare
immense intermsof where the EU citizenwilluse theirinformation. Now ahightime hascome when
EU starts lookingatthe bottomof upapproach of how it’sgoingto effectthe global economyincreating
a collaborative standardforeveryone.
______________________________
ShreedeepRayamajhi
Rayznews
Learn InternetGovernance