You can see the rules and regulations in other jurisdictions.
Compliance with data protection and security is essential for fintech businesses. The Act on the Protection of Personal Information (APPI) enforces certain duties to private companies handling personal information, such as: implementing necessary measures to protect it; using the data only for what was declared to those affected; refraining from disclosing private details to a third party, save for exceptions; and keeping control over employees and contractors.1
The initial version of the APPI was amended in May 2017 to remove any confusion regarding what constitutes personal information and encourage responsible treatment of anonymised data. The financial sector also adheres to the 'Guidelines for Personal Information Protection in the Financial Field'. A second major revision of the APPI was finalized three years after its first amendment, with implementation scheduled for April 2022. This iteration expands data subjects' rights, requires mandatory reports of security breaches, widens extraterritorial enforcement opportunities and makes stricter constraints on international data transfers, all while simplifying the use of pseudonymised data.1
In regard to security, FSA supervisory guidelines governing financial institutions emphasize the importance of matters such as being aware of system risks and enhancing cybersecurity, and operators are required to follow the appropriate PDCA cycle of 'Plan, Do, Check and Act'.1
Cross-border payments in Japan