Personal data protection and cybersecurity has recently become a major legal issue in China, with significant developments in legislation in this area over the past few years. This has had a dramatic impact on both local and foreign-invested companies in China across various industries, particularly the way in which companies handle the data of their employees, customers and suppliers, and deal with data breach and cybersecurity risks.

Our team of lawyers and consultants have been pioneers in this important area of law, and have extensive experience in providing legal advice and services to international companies that are required to adapt to and comply with China’s changing data protection and cybersecurity regime. Our data protection and cybersecurity services include advising on and handling the following:

  • Cybersecurity Law, Personal Information Protection Law, Data Security Law and other key laws and regulations
  • Disclosure, Informed Consent and Consent Management
  • Data Localization and Cross-Border Transfer of Personal Information
  • Extraterritorial Application
  • Security Assessment
  • Personal Information Protection Impact Assessment
  • Data Breach Reporting and Rectification Requirements
  • Entities Covered (e.g., Critical Information Infrastructure Operators)
  • Penalties

Services with regard to two major categories of personal information we often advise on and handle include the following:

  • Employee Personal Information:
    • Privacy Notices, Disclosure Rules and Consent Forms
    • Data Protection Content for Employee Handbooks and Labor Contracts
    • Employee Management Under Special Circumstances (e.g., Face IDs for Checking Attendance)
  • Customer or Users’ Personal Information:
    • Preparatory Actions (e.g., Appointment of Official Contact Person for Personal Information Protection Related Affairs)
    • Processing Activities and Securing the Rights of Information Subjects
    • Product/Service Contracts, Data Access Agreements and Data Protection Addendums
    • Emergency Policies for Security Incidents