APAC Data Protection Authorities (DPAs)


Data Protection Authorities (DPAs) involves understanding the entities responsible for safeguarding individuals' privacy and enforcing data protection laws within a given jurisdiction. DPAs play a crucial role in overseeing compliance with regulations, addressing privacy concerns, and ensuring the responsible handling of personal data by organizations.

Data Protection Authorities (DPAs) for APAC:

APAC, which stands for Asia-Pacific, is a region in the world that encompasses a vast area from East Asia to South Asia and from Southeast Asia to Oceania and the Pacific Islands. This region is often broken down into several sub regions. These sub regions typically include:

  1. East Asia
  2. Southeast Asia
  3. South Asia
  4. Oceania
  5. Central Asia


East Asia


Authority: Personal Information Protection Commission (PPC)

The Personal Information Protection Commission (hereinafter referred to as the "Committee") is responsible for ensuring the proper handling of personal information in order to protect the rights and interests of individuals while giving due consideration to the usefulness of personal information (including specific personal information). Official Website: PPC Japan



No specific national data protection authority


South Korea:

Authority: Personal Information Protection Commission (PIPC)

The Personal Information Protection Commission (PIPC) in South Korea, established under the Personal Information Protection Act (PIPA) in 2011, serves as the national data protection authority. The PIPC oversees the formulation and supervision of data privacy policies and the protection of personal information.

Official Website: PIPC South Korea


Southeast Asia:



Authority: Personal Data Protection Commission (PDPC)

The PDPC serves as Singapore’s main authority in matters relating to personal data protection and represents the Singapore Government internationally on data protection related issues. The PDPC’s aim is to balance the protection of individuals’ personal data with organizations’ need to use the data for legitimate purposes.

Official Website: PDPC Singapore



Authority: Personal Data Protection Department (PDPD)

The main responsibility of this Department is to enforce and regulate PDPA in Malaysia. PDPA focuses on the processing of personal data in commercial transactions and avoid of misuse of personal data. The PDPD provides guidance, issues guidelines, and conducts audits to ensure adherence to data protection standards. It manages registration and notification processes for data users and imposes penalties for non-compliance.

Official Website: PDPD Malaysia



No specific national data protection authority.



Authority: Office of the Personal Data Protection Committee (OPDC)

The OPDC provides guidelines, enforces compliance with the PDPA, and plays a crucial role in safeguarding individuals' privacy rights related to personal information. It aimed to enhance public sector efficiency and serve the people's welfare.

Official Website: OPDC Thailand



Authority: National Privacy Commission (NPC)

The NPC exists to ensure compliance of the country with international standards set for data protection. The National Privacy Commission is the country’s privacy watchdog; an independent body mandated to administer and implement the Data Privacy Act of 2012 and to monitor and ensure compliance of the country with international standards set for data protection.

Official Website: NPC Philippines



Authority: Ministry of Public Security

The Ministry of Public Security in Vietnam is a key governmental agency responsible for maintaining internal security, law enforcement, and ensuring public safety throughout the country. Established in accordance with Vietnam's legal framework, the ministry oversees various functions, including crime prevention, counter-terrorism efforts, immigration control, and border security. Led by the Minister of Public Security, the ministry operates under the authority of the government and plays a vital role in safeguarding Vietnam's stability and societal order.

Official Website: Ministry of Public Security



No specific national data protection authority.


Myanmar (Burma)

No specific national data protection authority.



No specific national data protection authority.


South Asia:



Authority: Data Protection Authority of India (DPAI) [Proposed]

The DPAI is expected to be responsible for ensuring compliance with data protection regulations, overseeing data processing activities, and safeguarding the rights and privacy of individuals. 

Official Website: DPAI



No specific national data protection authority.



No specific national data protection authority.


Sri Lanka

Authority: Office of the Data Protection Officer

The law provides for comprehensive objects and powers of the Authority as the regulator, which include making rules. It include the introduction of data protection legislation, the establishment of data protection authorities or offices, and the enforcement of data protection measures.

Official Website: Data Protection Officer Sri Lanka



Authority: National Information Commission

It is responsible for the protection, promotion and practice of RTI in Nepal. The functions, duties and powers of the Commission is to study and observe records, instruments and other materials related to information of public importance in public bodies

Official Website: National Information Commission Nepal





Authority: Office of the Australian Information Commissioner (OAIC)


The Office of the Australian Information Commissioner (OAIC) was set up by the AIC Act. They are headed by the Australian Information Commissioner, who has a range of powers and responsibilities under the AIC Act, and exercises powers under the FOI Act, the Privacy Act and other laws. 


Official Website: OAIC Australia


New Zealand

Authority: Office of the Privacy Commissioner (OPC)


The Office of the Privacy Commissioner (OPC) works to develop and promote a culture in which personal information is protected and respected. The Privacy Act applies to almost every person, business and organisation in New Zealand. The Act includes privacy principles that guide how personal information can be collected, used, stored and disclosed.


Official Website: OPC New Zealand


Central Asia:



Authority: Committee for Information Security of the Ministry of Digital Development, Innovations, and Aerospace Industry of the Republic of Kazakhstan

The committee establishes public policy in the field of information security, and also maintains the level of national electronic information resources safety against external and internal threats.    

Official Website: Committee for Information Security



Authority: State Inspectorate for Personal Data Protection

The State Inspectorate for Personal Data Protection (SIPDP) in Uzbekistan is the primary governmental body responsible for overseeing the protection of personal data within the country. The SIPDP plays a crucial role in enforcing data protection laws, ensuring compliance with regulations, and safeguarding individuals' privacy rights. It may have the authority to investigate complaints related to the misuse or mishandling of personal data, impose penalties on non-compliant entities, and provide guidance and education to both public and private sector organizations on data protection best practices.

Official Website: State Inspectorate for Personal Data Protection