The Top 10  Most Difficult Countries for Identity Verification

The Top 10  Most Difficult Countries for Identity Verification

Download Report

    n-img-roi-cross

    Before You Go, Schedule Your Free Demo Today

    Valid Invalid number


    Note: Fields marked with an asterisk(*) are mandatory.

    n-exit-img-roi-cross

    Thank you for your demo request

    We appreciate your interest and look forward to discussing how our solution can meet your needs. Expect to hear from us shortly with scheduling details.

    Close

    us

    44.214.19.8

    Japan’s Act on Personal Information Protection – What Businesses Must Do

    japan new act

    New and emerging ways to bypass verification checks have allowed fraudulent entities to breach the sensitive personal data of clients in businesses and financial institutions. In June 2020, Japan amended its Act on the Protection of Personal Information (APPI) with a deadline of 1st April 2022 for businesses to adopt the new regulations. 

    Prominent updates to the Act include a new process for sending and receiving personal information to and from third parties and businesses outside the country. Japan-based businesses now face a new challenge as new requirements are introduced that need to be fulfilled in case of data breaches.

    The Act on the Protection of Personal Information (APPI)

    Japan’s Act on the Protection of Personal Information (APPI) was first introduced in 2003 with the aim to protect the personal information of individuals (customers of businesses, banks, and other financial institutions) in the country. Since its introduction, the Act has seen two amendments in 2015 and 2020. Compliance with the APPI is monitored by the Personal Information Protection Commission, which is Japan’s primary regulatory body to investigate and enforce supervision, assessment, and mitigation of concerns that arise in businesses and financial institutions.

    As per the APPI, personal data that can be processed or stored only with the consent of the individual are classified into two main types. The first is the basic personal information like name, date of birth, contact numbers, and personal identification codes. The second type of sensitive data is ‘special care required’ information, which includes medical records, information about race or inheritance, and criminal history. Although biometric data is not explicitly mentioned in any of the two types, it is likely that it will be included in the ‘special-care required’ information. Moreover, the APPI allows individuals to question the purpose of processing their personal information and also gives them the right to amend or delete it.

    What’s in it for Businesses

    Like the EU’s General Data Protection Regulation (GDPR) obliges businesses in the region to protect personal information, businesses operating within Japan are obliged to comply with the Act on the Protection of Personal Information no matter what their status or revenue is. Initially, the Act didn’t require businesses to protect or state the reason for collecting and processing personal information. However, the amendments made to the Act in 2015 added compliance requirements that subjected businesses of all sizes to protect their customers’ personal information. 

    Furthermore, businesses operating outside Japan and are linked to the Japanese market are also obliged to comply with APPI. This implies that businesses operating overseas but gathering personal information from clients in Japan are also required to comply with the new regulations. That being said, government institutions, educational institutes, and the administrative sector are not obliged to adhere to these regulations. The amendments made to the APPI in 2020 further broadened the scope of businesses that fall under the rules. In simple terms, changes have been made to the rules that govern the transfer of personal information to third parties and the notifications in case of data breaches.

    Transfering Personal Information to Third Parties

    Up until 2020, businesses based in Japan were allowed to send personal data to third parties without the consent of the customer. The customer was provided the details of the transfer of their personal information. However, since 1st April, 2022, corporations are obliged to request the customer for permission to send their personal information to third parties. In cases where national security, public interests, or legal matters are involved, there can exceptions to the new regulations and personal information can be transferred. Businesses are allowed to proceed with the transfer of personal data without the consent of the customer only if they notify them before the transfer. Moreover, this condition is not applicable in the case where ‘special-care required’ personal data is in question.

    Transfering Personal-Related Information to a Third Party

    Personal Related Information (PRI) is a section that was added to APPI along with the other amendments made in 2020. The new category of personal information include the data that is related to the personal matters of the customer, including their transaction history, purchase history, or web browsing information. The PRI category doesn’t include basic personal information like the name or date of birth of the customer. Before the 2020 amendments to the APPI, the PPC was not authorised to regulate the transfer of personal information to third parties outside the boundaries of Japan. Now, the PPC has been provided authority to oversee these processes. Businesses must now provide proof that the foreign third party takes “equivalent action”, or has the same level of personal information protection as Japan. The third party must also be in Japan’s list of adequacy decisions provided by the PPC.

    Similarly, the transfer of this kind of information to foreign entities requires businesses to notify customers about the destination before sending it. This includes the name of the country, the quality of the data protection measures in the country, and the additional measures that will be taken to secure the data.

    How Businesses can Comply with the APPI

    In a requirement similar to those of China’s Personal Information Protection Law (PIPL), Japan-based businesses are obliged to keep a record of the transfer of personal information to third parties. Businesses must ask for permission before sending their customer’s personal data to any third party unless the transfer is for a regulatory action, or when sending the data is the only available option to protect a person’s life or assets.

    Up until the latest amendments were not made, the APPI followed a moderate sanctions regime against businesses that failed to comply. For instance, the maximum penalty for a business used to be ¥500,000 (approx. $3,900). After the amendments, businesses can now be penalised with up to ¥100 million (approx. $781,500). Moreover, those in charge of these businesses could face charges of one-year imprisonment and fines of up to ¥1 million (approx. $7,815).

    Key Takeaways

    Considering the latest changes to the data protection law of Japan, it is clear that the safekeeping of customers’ personal information is quite important for Japanese businesses. Being one of the most successful economies in the world, the country makes significant efforts to maximise the measures to protect sensitive data. On the corporate level, businesses must also take steps to ensure compliance with the updated API.

    To do so, businesses need to incorporate AI-driven verification solutions into their system. Shufti’s robust identity verification solution can be easily embedded within an online business platforms all the features that help them comply with regulatory obligations while ensuring that the customer’s data is safe.

    Here are the key benefits of Shufti’s ID verification services:

    1. Verifies the real identity of the customers in less than a second
    2. Generate results with 98.76% accuracy
    3. Screens customers against 1700+ global watchlists and PEP lists
    4. Helps comply with regulatory obligations and secures businesses from sanctions

    Want to learn more about ID verification services for businesses?

    Related Posts

    Blog

    Smart Growth in Uncertain Times: Powered By Shufti

    Just five years ago at the onset of the COVID-19 pandemic, the global economy was struck by the h...

    Smart Growth in Uncertain Times: Powered By Shufti Explore More

    Blog

    AI Document Verification 2025

    Why This Matters in 2025 Digital onboarding is booming, but so is document fraud. The global iden...

    AI Document Verification 2025 Explore More

    Blog

    How to Combat Document Forgery in 2025 and Beyond

    Why This Update Matters Digital document forgery is no longer a fringe threat it strikes every fi...

    How to Combat Document Forgery in 2025 and Beyond Explore More

    Blog

    Age Verification Laws & Regulations Worldwide: 2025 Update

    Introduction Online platforms now face unprecedented pressure to prove users’ ages. From preventi...

    Age Verification Laws & Regulations Worldwide: 2025 Update Explore More

    Blog

    Expanding the UX Lens with Lisa Kleinman

    Creating a UX experience can feel like a paradox: users are more diverse than ever, yet they expe...

    Expanding the UX Lens with Lisa Kleinman Explore More

    Blog

    Inside Innovation at Shufti: Visual Heatmaps That Help Instantly Spot Document Tampering 

    In the complex landscape of identity fraud, the smallest details can make the biggest difference....

    Inside Innovation at Shufti: Visual Heatmaps That Help Instantly Spot Document Tampering  Explore More

    Blog

    Verifying identity in India

    Verifying identity in India Explore More

    Blog

    From Abandoned Carts to Loyal Customers: Rethinking the Onboarding Experience

    Website abandonment is a silent revenue killer for online businesses. Whether it’s an unfin...

    From Abandoned Carts to Loyal Customers: Rethinking the Onboarding Experience Explore More

    Blog

    Smart Growth in Uncertain Times: Powered By Shufti

    Just five years ago at the onset of the COVID-19 pandemic, the global economy was struck by the h...

    Smart Growth in Uncertain Times: Powered By Shufti Explore More

    Blog

    AI Document Verification 2025

    Why This Matters in 2025 Digital onboarding is booming, but so is document fraud. The global iden...

    AI Document Verification 2025 Explore More

    Blog

    How to Combat Document Forgery in 2025 and Beyond

    Why This Update Matters Digital document forgery is no longer a fringe threat it strikes every fi...

    How to Combat Document Forgery in 2025 and Beyond Explore More

    Blog

    Age Verification Laws & Regulations Worldwide: 2025 Update

    Introduction Online platforms now face unprecedented pressure to prove users’ ages. From preventi...

    Age Verification Laws & Regulations Worldwide: 2025 Update Explore More

    Blog

    Expanding the UX Lens with Lisa Kleinman

    Creating a UX experience can feel like a paradox: users are more diverse than ever, yet they expe...

    Expanding the UX Lens with Lisa Kleinman Explore More

    Blog

    Inside Innovation at Shufti: Visual Heatmaps That Help Instantly Spot Document Tampering 

    In the complex landscape of identity fraud, the smallest details can make the biggest difference....

    Inside Innovation at Shufti: Visual Heatmaps That Help Instantly Spot Document Tampering  Explore More

    Blog

    Verifying identity in India

    Verifying identity in India Explore More

    Blog

    From Abandoned Carts to Loyal Customers: Rethinking the Onboarding Experience

    Website abandonment is a silent revenue killer for online businesses. Whether it’s an unfin...

    From Abandoned Carts to Loyal Customers: Rethinking the Onboarding Experience Explore More

    Take the next steps to better security.

    Contact us

    Get in touch with our experts. We'll help you find the perfect solution for your compliance and security needs.

    Contact us

    Request demo

    Get free access to our platform and try our products today.

    Get started