New Specifications: IT Security of Apps in China

On November 1, 2022, the national standard GB/T 41391-2022 “Information Security Technology Basic Requirements for Mobile Internet Applications (Apps) Collecting Personal Information,” published in April, will come into force. It applies to all app operators in China and is intended to regulate personal information collection activities. This standard is relevant to all companies that operate… Continue reading New Specifications: IT Security of Apps in China

Politics of the Common Good: What Companies Need to Watch Out For

A policy change is underway in China that is causing foreign companies to strategically reevaluate how they do business. The goal of the new policy is to strengthen the common good through more intensive control of markets. The relevant document is the Opinions on Accelerating the Construction of a Single National Market of China of… Continue reading Politics of the Common Good: What Companies Need to Watch Out For

App Certification in China

There are various certifications in China for protecting personal data in apps. The most important is the App Security Certification of the China Cybersecurity Review Technology and Certification Center (CCRC). It applies to apps of all service types, for example, apps developed and used in the smart home sector. However, there is one important requirement… Continue reading App Certification in China

Data Lifecycle Security Management on the Industrial Internet

With the growing number of digital industrial enterprises in China and the explosion of data from the industrial Internet, data security is becoming increasingly important for the smooth operation of enterprises in China. On April 8, 2022, the China Industrial Information Security Development Research Center (CIC) released the China Industrial Internet Industry Integration Development Report… Continue reading Data Lifecycle Security Management on the Industrial Internet

Important Data in Industry and Information Technology

The Data Security Law (DSL) requires companies to categorize their data as “general data,” “important data,” and “core data.” Which data falls into these categories varies from industry to industry. The definition of important data for the automotive industry has received the most attention so far, and also for the financial industry a detailed explanation… Continue reading Important Data in Industry and Information Technology

Data Protection: Obstacle to the Digital Economy?

There are new proposals for data management and cross-border data transfer. For example, the issues of data ownership, use, processing and control should be clarified. Data privacy, trade secrets and national security should be regulated in certain use scenarios such as Big Data marketing, corporate data sharing and cross-border data flows. Regulation of cross-border data… Continue reading Data Protection: Obstacle to the Digital Economy?

New Data Centers in China: Data from the East, Computing Power in the West

Eight regions in China are to be developed into national hubs for computing power by building 10 national data center clusters: Jing Jin Ji 京津冀 (Beijing, Tianjin, Hebei Province), Changsanjiao 长三角 (Yangtze River Delta), Yue Xiang Ao Dawan Qu 粤巷澳大湾区 (Guangdong, Hong Kong, Macau – Greater Bay Area)), Chengyu 成渝 (Chongqing and Chengdu), Inner Mongolia,… Continue reading New Data Centers in China: Data from the East, Computing Power in the West

China’s Strict IT Compliance Competes with RCEP

The world’s largest free trade agreement, the Regional Comprehensive Economic Partnership (RCEP), has been in effect since Jan. 1, 2022. It allows companies in participating countries to engage in cross-border partnerships, tariff reductions and trade simplification. Over the next 20 years, up to 90% of tariffs incurred in the zone are expected to be eliminated.… Continue reading China’s Strict IT Compliance Competes with RCEP

First Corporate Data Compliance Guideline in China

On January 30, 2022, Shanghai issued the first official Corporate Data Compliance Guideline. The 38-article document guides companies to strengthen their data management in terms of data compliance, identification, assessment and elimination of data risks. The guideline emphasizes that a company’s management is responsible for data compliance and recommends that a dedicated data compliance management… Continue reading First Corporate Data Compliance Guideline in China

National Standard Provides Insight into Future Data Requirements

The requirements of the internationally widely discussed Data Security Law (DSL, effective since Sep 1, 2021) are a challenge for many companies operating in China. To establish a hierarchical protection system for data classification, China’s National Information Security Standardization Technical Committee has issued the National Standard – Guide for Important Data Identification (Draft, hereinafter referred… Continue reading National Standard Provides Insight into Future Data Requirements