Japan and countries throughout the Asia-Pacific region (APAC) have their own data protection laws, which vary from light-touch to more prescriptive.
Despite the patchwork of laws and regulations, there is a common non-binding baseline formed by the APEC Privacy Framework. The Asia-Pacific Economic Cooperation (APEC) is a regional economic forum aimed at increasing prosperity for the region by promoting balanced, inclusive, sustainable, innovative and secure growth and accelerating regional economic integration. As part of this cooperation, the APEC Privacy Framework was adopted. The Framework sets out a series of privacy principles to ensure continued trade and economic growth and, in particular, free flow of personal data within the APEC region. Companies can certify under the Privacy Recognition for Processors (PRP) Framework to demonstrate compliance with the APEC Privacy Framework and help their customers on their privacy journey.
Salesforce was one of the first companies globally to obtain PRP certification. Find more information here.
Japan’s Act on the Protection of Personal Information (APPI) is based on principles similar to the GDPR. In 2019, Japan and the EU acknowledged each other’s data protection frameworks to be “adequate”, thus allowing personal data to flow freely between the two economies without the need for further protections such as Binding Corporate Rules or Standard Contractual Clauses.
Since 2008, Salesforce has also been PrivacyMark certified. PrivacyMark is a Japanese privacy certification that focuses on enhancing individuals' awareness of the protection of personal data and incentivizing businesses to build trusted connections with their customers. To obtain the certification, companies must show they take appropriate measures to protect personal data of individuals. The requirements for PrivacyMark certification are governed by the Japan Institute for Promotion of Digital Economy and Community.