I'm working with a startup in a country where laws are loose at best. After reviewing the privacy laws that bind us by doing business in this country, there seem to be an endless amount of ways that we could be in violation without any malicious intent because of the vagueness of the language.
My idea to pitch to my partners is to set up the company in a country where laws are more explicit and the legal system is robust which holds all of our assets, processes payments, and where all the ownership lies, then use a local pass-through entity in the country we are targeting that has all of the liabilities of handling the sensitive information, but with which we are not technically affiliated.
Given this situation, is such an arrangement viable from a legal perspective in terms of protecting our assets and ourselves from liabilities and litigation?
EDIT Feb 19, 2018
Great answers and responses. Given me a great deal to think about.
Just a few points of clarification:
In the future our business will likely expand to markets other than "A", however, that is likely many years in the future. This consideration could render the question moot I suppose.
Since "B" is a purely hypothetical, my first choice was Singapore.
The legal system in "A" is fundamentally corrupt, its really just a contest of who has the most resources/connections.