skip to Main Content


Japan has looked to follow Europe’s example by updating its existing legislation, rather than passing an entirely new law, to bring legislation on data privacy line with the EU’s standards. This is likely so that it can retain an adequacy decision allowing for easier data transfers between the two territories.

The Act on the Protection of Personal Information (“APPI”) regulates privacy protection issues in Japan and the Personal Information Protection Commission (the “PPC”), a central agency, acts as a supervisory governmental organization on issues of privacy protection, much like the ICO in the UK.

The APPI was originally enacted in 2003 but was recently amended and the amendments came into force on 30 May 2017.

Whilst the GDPR and APPI have similar provisions within them, there are unique differences however if an organisation has prepared adequately for GDPR then complying with APPI should not be hard.

For updates on changes in legislation
Sign Up for Vox updates on the Japanese Specifications

Follow the Legislative updates by clicking on the link
to the the Japanese Specifications updates website