Due to the three laws in the field of data – the Cyber Security Law, the Data Security Law and the Personal Information Protection Law – companies in China must set up a complete system to comply with data protection and security regulations. A good data compliance system can avoid warnings from administrative authorities during inspections, and thus avoid fines as well. In fact, the benefits of data compliance go beyond this.
Compared to administrative penalties, criminal liability has a greater impact. Companies and responsible individuals can be affected by fines and imprisonment, and a company’s further development can also be negatively impacted. A recent case handled by the Putuo Prosecutor’s Office reveals another function of data compliance: protection from criminal prosecution. Company Z had illegally obtained data from a takeaway platform using crawlers, causing direct economic damage of more than RMB 40,000 to the platform. The company was charged by the prosecution for illegally obtaining data from computer information systems. However, Company Z subsequently compensated for the damage and set up a comprehensive data security management system. As a result, the public prosecutor’s office refrained from prosecution.
In addition, data compliance can control and mitigate data security risks and thus prevent security incidents. If companies can prove that they have met their obligations to develop and implement a data compliance system in the event of data security incidents, this also reduces the risk of administrative fines or civil liability.
Protecting personal data through data compliance further enhances a company’s brand value by increasing users’ trust in the company. They are more willing to provide personal data to the company.