What is the Japan Personal Information Protection Act - APPI? - Actonic – Unfolding your potential
We have outsourced our Atlassian licensing and services business to the newly founded Seibert Solutions GmbH. Actonic's products will be further developed under the usual name.
Become an Atlassian Knowledge Champion

What is the Japan Personal Information Protection Act – APPI?

Japan’s Personal Information Protection Law (APPI) regulates the handling of Japanese citizens’ personal information by individuals and organizations, including businesses, government agencies, and non-profit organizations.

Under the Personal Data Protection Law of Japan, organizations that collect personal information are required to first obtain consent from the owner of the information to collect, use, and share such information – just like with the GDPR.

But characteristically, such consent is only required for sensitive information or information to be transferred to a third party or outside of Japan.

The APPI (originally enacted in 2003, updated in 2015 and 2020) was a significant change in the way of personal information protection in Japan.

APPI’s scope of application

Initially, APPI only applied to business operators who have a database with personal data of at least 5,000 persons. But with the latest amendment, the law applies to all business operators, regardless of how much personal data they process.

The APPI applies to all controllers of personal information (PII) regardless of whether the company or organization is based in Japan or not. What matters is whether the company or organization collects or uses the personal data of Japanese citizens. The key application of the law is for business or commercial purposes. There are exceptions when they are used for government purposes, journalistic purposes, etc.

Penalties for non-compliance with the Japan’s personal information protection act

With the latest amendments to the law from 2020, the penalties for non-compliance with the APPI have been increased to the maximum:

  • 1 million yen for individuals / about 7,000 euros or
  • 100 million yen for businesses / about 700,000 euros

However, penalties vary depending on the severity of the violation!

Final thoughts:

When doing business in Japan or handling the personal information of Japanese citizens, all businesses must be aware of what constitutes personal information law, as well as comply with the law to avoid legal action!


To make APPI compliance easier, there are tools. Jira and Confluence apps such as Data Protection and Security Toolkit for Jira and Data Protection and Security Toolkit for Confluence exist to help you easily comply with ALL privacy policies in the world, including APPI.Guaranteed to save you time and money! Curious? Book a demo now!

Discover our Apps for Jira and Confluence