What is APPI?
APPI stands for the Act on the Protection of Personal Information.
Its purpose: To protect the rights and interests of individuals while ensuring due consideration for the usefulness of personal information by basic principles for the proper handling of personal information.
And what most of us don't realize is that it was Japan’s first data protection law that became official in 2003—a whole 15 years prior to GDPR going live.
However, updates were made to this law in 2015 after a wave of high-profile data breaches rocked the country. Back then, over 12.6 million separate data breaches were reported, with roughly 1-in-10 of the nation’s people affected.
The new version of APPI came into law in 2017. With it, the PPC, or, the Personal Information Protection Commission was also brought into effect. If your company handles the personal data of individuals in Japan, then it must comply with these regulation sets.
Then on July 17, 2018, less than two months after the EU's General Data Protection Regulation (GDPR) went into effect, Japan and the European Union publicly agreed and recognized each other’s data protection regimes (despite some natural variations to their regulations).
They stated that that both laws "provided adequate protections for personal data."
Cheers to that!