Data Protection and Cybersecurity
The Chinese government has issued new laws and regulations in the areas of cybersecurity, data protection, and encryption/cryptography that require foreign companies to take action. The Cyber Security Law, for example, places high demands on the protection of customer data in China, while the Cryptography Law sets requirements for the use of encryption technologies. At the same time, non-compliance in the Corporate Social Credit System threatens not only increased fines but also a public blacklisting of companies.
Legal Requirements of IT Compliance in China: MLPS 2.0 Implementation
With the new mandatory Multi-Level Protection Scheme 2.0 (MLPS 2.0), regulatory pressure continues to increase for all companies operating in China. The regulatory system for data protection and cybersecurity requires network operators and critical information infrastructure operators to use the specifications of a multi-level protection system to ensure that data cannot be leaked, stolen or falsified and that their IT systems are free from interference, damage or unauthorized access.
Your Partner for MLPS 2.0 Implementation
CHINABRAND supports companies to implement the MLPS 2.0 regulations from initial IT systems assessment and preliminary classification to acceptance by certified auditors in China.
- Preliminary classification of the IT systems and determination of the necessary protection
- Registration and certification by the public security authority
- Gap analysis and remediation plan in case of optimization needs
- Security assessment by authorized auditors
- Submission of the assessment report to the public safety authority
Time to Act
CHINABRAND, together with cybersecurity experts, supports German and European companies in the most important tasks:
- Analysis of relevant laws and requirements in the areas of IT compliance, network security, data transmission as well as data protection.
- Review of existing infrastructures of the client in China with regard to legal requirements for data security (required certificates, penetration test, white hacking)
- Selection of measures and implementation of tools to meet the new regulations
- Design and implementation of compliance training for Chinese and Asian subsidiaries
- Implementation of compliance management systems
A German company in the steel construction industry discovered fraud and theft of know-how in its Chinese subsidiaries. CHINABRAND carried out on-site investigations to find out who was responsible. By conducting a number of personal interviews, our experienced Chinese investigators and project managers could successfully expose the offender. In this case, the smart choice of interview partners contributed most to the investigation's success – we have received decisive information about the source of the know-how leak from the driver of a top manager.
A Swiss market leader in mechanical engineering examined potential joint venture partners and henceforth, assigned CHINABRAND to conduct compliance due diligence analysis in China. Here, interviews with experts as well as field investigations concerning the companies’ situation and their reputation within the industry were of great significance. The results of our desktop research and on-site investigations contributed significantly to the choice of the later partner.
For the German world market leader in the cleaning machinery industry, we conducted seminars about knowledge protection in one of its Chinese plants. Not only could we identify potential compliance risks, but furthermore develop and implement appropriate measures to minimize them.