Issue 175


  • The European Parliament approved the proposal regarding the regulation of crypto-assets that includes provisions on personal data protection.
  • UK’s Information Commissioner’s Office issued a statement on the cyber incident that impacted business process services provider, Capita plc’s internal Microsoft Office 365 applications.
  • Greece’s data protection authority issued a fine of EUR 30,000 on Piraeus Bank for infringing the provisions of the GDPR.


  • Canada’s Office of the Superintendent of Financial Institutions (OFSI) and the Global Risk Institute published a report titled ‘Financial Industry Forum on Artificial Intelligence: A Canadian Perspective on Responsible AI’.
  • The OFSI released a new framework for Intelligence Led Cyber Resilience Testing (I-CRT) for increasing the resilience of financial institutions against cyber-attacks.
  • US Cybersecurity & Infrastructure Security Agency along with the cybersecurity authorities of Australia, the UK, Canada, Germany, New Zealand, and the Netherlands developed a guidance titled ‘Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and-Default’.


  • India’s Minister of State for Electronics and Information Technology, and Skill Development and Entrepreneurship stated that there will be no hardcore data localization rules under the new Digital Data Protection Bill, 2022. Reports Business Line
  • International Monetary Fund’s working paper stated that India’s lack of data protection legislation poses a privacy risk.
  • Singapore’s Personal Data Protection Commission issued a fine of SGD 37,000 on real estate firm OrangeTee & Tie Pte Ltd for data breach that affected over 250,000 individuals.

Read our digital newsletter here