Laws considered in this checklist — recruiters in Japan sit at the intersection of several distinct regimes, each with
its own personal-information rules:
- 職業安定法 (Employment Security Act) — governs job placement (職業紹介) businesses specifically.
- 労働者派遣法 (Worker Dispatch Act, formally 労働者派遣事業の適正な運営の確保及び派遣労働者の保護等に関する法律) —
applies only if the agency also holds a temporary staffing/dispatch license, sections marked accordingly below.
- 個人情報の保護に関する法律 (APPI) — the general privacy law; recruiter-specific touchpoints are cited explicitly
here, with full APPI compliance tracked separately in your GRC platform.
- 行政手続における特定の個人を識別するための番号の利用等に関する法律 (番号法 / My Number Act) — a stricter regime
layered on top of APPI for the specific "My Number" identifier, commonly mishandled by collecting it too early.
Terminology note: there is no formal "certified DPO" under Japanese law. The role with a mandatory staffing ratio and
recurring certification is the
職業紹介責任者 (Employment Placement Responsible Person) under the Employment Security
Act — and, separately, the
派遣元責任者 (Dispatching Undertaking Responsible Person) under the Worker Dispatch Act if
the agency also does staffing. These are two distinct roles with different ratios and renewal cycles — see Sections 3 and 6.