China continues to regulate data security. The Data Security Management Measures in the Field of Industry and Information Technology, which took effect on January 1, 2023, further specify the management of the entire life cycle of data. Companies should primarily pay attention to the following four requirements: Data localization: It is not explicitly required that… Continue reading New measures for Data Security Management
Companies operating in China should be attentive to the Measures on Security Assessment of Cross-Border Data Transfers (Measures), published on July 7, 2022, as they take effect as early as September 1, 2022. Among other things, the Measures require data processors to conduct a security assessment when: 1. Providing critical data outside of China. 2.… Continue reading Cross-Border Data Transfer outside China: Attentive to the Rectification Period
On April 10, 2022, the Chinese government announced to accelerate the construction of the unified domestic market. Part of this is to also establish a data market to promote Big Data applications and AI development, focusing on data security and control of cross-border data transfer. To be allowed to provide data outside China, data processors… Continue reading New Data Exchanges in China
There are new proposals for data management and cross-border data transfer. For example, the issues of data ownership, use, processing and control should be clarified. Data privacy, trade secrets and national security should be regulated in certain use scenarios such as Big Data marketing, corporate data sharing and cross-border data flows. Regulation of cross-border data… Continue reading Data Protection: Obstacle to the Digital Economy?
The world’s largest free trade agreement, the Regional Comprehensive Economic Partnership (RCEP), has been in effect since Jan. 1, 2022. It allows companies in participating countries to engage in cross-border partnerships, tariff reductions and trade simplification. Over the next 20 years, up to 90% of tariffs incurred in the zone are expected to be eliminated.… Continue reading China’s Strict IT Compliance Competes with RCEP
On January 30, 2022, Shanghai issued the first official Corporate Data Compliance Guideline. The 38-article document guides companies to strengthen their data management in terms of data compliance, identification, assessment and elimination of data risks. The guideline emphasizes that a company’s management is responsible for data compliance and recommends that a dedicated data compliance management… Continue reading First Corporate Data Compliance Guideline in China
With the enactment of China’s Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL), security management and assessment of cross-border data transfer became a key issue. Following these three laws, China’s Cyberspace Administration (CAC) published the Measures on Data Export Security Assessment (Draft for Comments) on October 29, 2021, which provides… Continue reading Data Export Security Assessment: All Data Processors Are Involved
Many international companies are currently considering regionalizing their production and upstream supply chains for specific markets to a greater extent and making their subsidiaries in different world regions more independent of each other. The goal is to secure supply chains by deepening regional value creation and to better meet regional customer needs through regionally manufactured… Continue reading Regionalization: Avoiding Loss of Control