Data Security Law
China passed the new Data Security Law (DSL) in June 2021. The aim of the law, which comes into force on September 1, 2021, is to protect data in China and regulate cross-border data traffic. DSL is primarily about promoting the data infrastructure and the innovative use of data by industry. Cyber security and data protection are the foundations for a functioning digital economy.
With the Data Security Law (DSL), the regulatory pressure on all companies operating in China continues to increase. The regulatory system for data protection and cyber security also applies to companies and persons outside of China when they are involved in China-related data activities. These affect the national security, the public interest, or other legal interests of Chinese citizens or organizations.
Your Partner for DSL Compliance in China
With its experts, CHINABRAND supports German and European companies in implementing the regulations of the Data Security Law in China:
- Help in drafting contracts with the recipient of data.
- Support in setting up a data security management system.
- Gap analysis and remedy plan if optimization is required.
- Coordination of the mandatory risk assessment of data sets before transferring them abroad.
- Communication with the authorities responsible for processes and permits.
- Coordination of the security review and approvals by the cyberspace authority for personal data.
- Coordination of regular reporting to the authorities.
Time To Act
The multitude of new Chinese laws is often challenging, unmanageable, and non-transparent for foreign companies, which often leads to uncertainty in the implementation in practice. Companies should review their data management and data protection measures before the law comes into force in order to be prepared for DSL and related new regulations.
A client wanted to analyze the obligations its Chinese subsidiary had to face in the areas of cyber security and data protection. This analysis was required to be able to make far-reaching decisions in the development of corporate IT. We were able to assist the company with an analysis of the current legal situation by specialized Chinese lawyers and with strategic advice.
The global use of standardized computer programs is essential for many international companies. With the rollout of western software to China, not only the specific legal requirements of cyber security and data protection are relevant, but also the behavioral patterns of Chinese employees - for example the circumvention of company applications through WeChat. CHINABRAND was able to support German companies in using their software in China. Solutions were found that meet the legal and technical requirements.