Drew Network Asia’s (DNA) Data Compliance & Cybersecurity Practice includes firms at the forefront of the development of these fields in their respective countries. Many countries around the world, including several within ASEAN, have enacted data protection and cybersecurity laws to better protect individuals’ personal data and national information systems infrastructure. Our lawyers have advised on all aspects of such laws, including regulatory/enforcement, commercial and international/cross-border aspects.
We aim to be the leading legal practice in this field in the region. DNA’s constituent firms have lawyers with numerous years of experience in these and related fields as well as, in some cases, dedicated Data Protection & Cybersecurity practices.
Our firms’ work in these fields precedes the advent of national laws such as Malaysia’s Personal Data Protection Act 2010, Indonesia’s Electronic Information and Transactions Law, Singapore’s Personal Data Protection Act 2012 and Cybersecurity Act 2018, Thailand’s Personal Data Protection Act 2019, and Vietnam’s Personal Data Protection Decree 2023 as well as various other national laws relating to telecommunications, media, information technology and cybercrime which may also establish general or sectoral requirements relating to data protection and/or cybersecurity.
We act for a wide variety of clients in relation to data protection and cybersecurity compliance. These include many prominent and well-known multinational / foreign corporations, Internet companies, local companies across different industries and, in some cases, national data protection authorities. Our experience includes advising on or providing the following, amongst others:
- Implementation of company / group-wide compliance programmes;
- Localisation of global/regional data protection policies;
- Establishment of the internal data protection function and required internal processes;
- Contracts for data processing and cross-border data transfers, as well as data protection provisions for a variety of contracts;
- Employment-related aspects of data protection including protection of foreign employees’ personal data;
- Sectoral data protection and cybersecurity requirements;
- Data breach management and notification;
- Compliance and regulatory risk audits and impact assessments;
- Data protection and cybersecurity compliance training;
- Enforcement–related issues, regulatory appeals and offences relating to data protection, cybersecurity and related areas; and
- Disputes and civil proceedings relating to data protection and/or cybersecurity issues.