GDPR - how does it affect your business in Japan?

July 13, 2018 09:00 - 10:30


  • Online bookings are closed for this event.

Operating outside of the European Union? The new EU data privacy regulation's long arm reaches you nonetheless!

Your overflowing inbox in May will have alerted you to GDPR, General Data Protection Regulation, the EU's biggest data shake up since 1995. The GDPR took effect May 25 2018 and applies primarily to data processing activities by organizations established in the EU, with the aim of "making Europe fit for the digital age". More than 90% of Europeans say they want the same data protection rights across the EU and regardless of where their data is processed . . . 

The first month of GDPR has subsequently seen a sharp increase in the number of complaints to regulators across Europe, showing strong public interest in the new rules. The UK’s Information Commissioner’s Office (ICO) also reports a rise in breach notifications from organisations, as well as more data protection complaints following the activation of the law.

The GDPR contains nearly 100 separate and nuanced articles that can be difficult to understand. What IS now clear is that the cost of non-compliance for firms are stiff fines of up to €20m (£17.6m) or 4% of a company’s global turnover – whichever is higher – and companies are more likely to face higher fines if they delay reporting breaches.

Moreover, a recent judgment of the Court of Justice of the European Union (CJEU), means that the phrase "established in the EU" has to be interpreted very broadly. The CJEU ruled that "any real and effective activity - even a minimal one - being exercised through stable arrangements" may be enough to qualify as an establishment, under the new law.

This understanding has now been incorporated in the GDPR. The legal form of "stable arrangements", for example through a branch or a subsidiary with a legal personality, is not the determining factor for businesses. In fact, the CJEU considered as sufficient that an organisation operated a website "mainly or entirely directed" at a specific EU country and that it had appointed in this country a representative who was responsible for recovering the debts resulting from that activity and for representing the organisation in administrative and judicial proceedings relating to the processing of the data concerned. 

So, what does all of this mean in plain English? Well, the GDPR might apply to your business in Japan, even if you have no formal establishment within the EU.

Join us for a breakfast seminar on July 13 to find out more . . . 



Richard Bird, head of Freshfields IP/commercial practice group, Asia



0845 Doors open, networking, light refreshments 

0910 Freshfields welcome, BCCJ welcome, event content

1010 Conclusions

1030 Doors close


Members Only: Login and book this event

Booking Deadline: July 9 Monday 17:00

メンバーのみ参加できます: まずログインしてください。申し込みフォームが現れます。

お申し込みは準備の都合上 7月9日17時までにお願いいたします。




Venue Information

Freshfields office, Akasaka Biz Tower

Members Only: Login and book this event
メンバーのみ参加できます: まずログインしてください。申し込みフォームが現れます。

Registration on the day will be on the 1st floor of the building during 08:45~09:15. (after that you are not able to enter the building)
当日はビル1階で入館証をお渡しいたします。ご予約の無い方は入場できません。受付時間は 08:45~09:15です。 その後のご入場はできません。

Access Map

Access Map

Payment Options:

  • No Need To Pay

Member Cost: ¥0

Non-Members Cost: ¥0