Data Privacy

In recent years China has built an elaborate legal framework for dealing with data privacy compliance, modeled on GDPR but with distinctive Chinese characteristics. The most notable laws are the PRC Cybersecurity Law of 2017, the PRC Data Security Law of 2021 and the PRC Personal Information Protection Law (PIPL) of 2021, and these have been complemented by a myriad of laws, regulations and implementing rules to set the standards for future conduct.

With continuous legal developments and government enforcement picking up, international companies across all sectors must ensure legal compliance. Whether you are a B2B operator that handles limited personal data, a retailer that exports customer data abroad, a critical infrastructure operator in China or a foreign company that collects personal data in China, our team will help you build the right systems to minimize compliance risk in this important area.

Our data privacy experts support clients in dealing with the following:
  • Cross-border data transfer compliance
  • Privacy Impact Assessment (PIA) reports
  • Data transfer agreements (with suppliers, sub-contractors, service providers, HQ)
  • Filings with the Cyberspace Administration of China (CAC)
  • Advice on internal data privacy and cybersecurity protection policies
  • Review of data privacy risks for business models
  • Outward-facing channel data compliance (privacy/cookie policies, websites, WeChat Work/Mini Programs, apps, etc.)
  • Digital marketing data privacy compliance
  • Dealing with requests by data subjects to exercise rights under the PIPL
  • Enforcement actions, regulatory inquiries, investigations or litigation following a data breach
  • Privacy & data compliance in aviation and healthcare