Security in Focus: China's Counter-Espionage Law
The new Chinese Counter-Espionage Law (CEL), which came into effect on July 1, 2023, has significant implications for data security and privacy in China. Enacted in accordance with the constitution, this law aims to strengthen counter-espionage efforts, impede, halt, and penalize espionage, safeguard national security, and protect the interests of the population. The impact of the law on cross-border information transfer deserves particular attention.
What has changed?
- Redefinition and significant expansion of the concept of espionage
- Improvement of security measures, as well as investigative and processing measures for counter-espionage
- Expansion of administrative law enforcement powers
- Enhancement of surveillance
Why is it important for companies?
- High risk for data in strategic key areas
- Increased global risk exposure for companies
- New challenges for law compliance regarding the storage and transmission of data (especially master data and sensitive data)
- Hidden espionage risks in Export Control Law
Services provided by CHINABRAND for CEL compliance in China
- Support with applications for security certifications
- Conducting data mappings, mapping data flows, and creating data flow diagrams
- Review of data transfer concepts Conducting Personal Information Security Impact Assessments (PISIA)
- Assistance in designing contracts with data recipients according to the Chinese Standard Contractual Clauses (CSCC)
- Gap analysis and remediation plan for optimization needs
- Communication with authorities responsible for processes and approvals
- Coordination of the required risk assessment of records before transferring abroad
- Coordination of security review and approvals by the Cyberspace Administration for personal data
- Coordination of regular reporting to authorities
CHINABRAND offers companies tailored solutions to compliance challenges as a professional consulting firm in the areas of data protection and data transfer – following established standards from the initial assessment to practical implementation on-site in China. We assess the cybersecurity and data protection of your company in the context of relevant compliance regulations, develop a legally sound strategy, and implement it in permissible and proven measures.
"Like for any state, Chinese regulation is complex and need guidance to ensure compliance. CHINABRAND, combining technical, legal and language skills, is greatly helping us in our MLPS 2.0 compliance journey. Without their support it would have been very difficult to deal with this certification."
Director Global IT Infrastructure and Security