Data compliance is now a challenge that a company doing business in, or relating to, China. Making necessary changes ahead of time will enable enterprises to be able to continue to operate in China without disruption.
China has prioritized data protection, data privacy, and cybersecurity through a series of laws and regulations over the last five years. Implementing rules, clarifications, and other relevant industry norms are periodically updated and released. Cybersecurity Law of China (CSL), promulgated on 7 November 2016, by the Standing Committee of China’s National People’s Congress (NPC), the Cybersecurity Law increases the national government’s jurisdiction over the business of cybersecurity.
The CSL’s main concerns:
- Risks that the provider of the product or service may be engaged in unfair competition and compromising interests of users due to their usage of the product or service
- Any other risks that may compromise national security or the public interest
The CSL’s two new rules that did not exist before:
- Companies considered critical information infrastructure operators must store data collected in mainland China locally
- These firms must also undergo a security assessment to gain approval to send any of that data overseas
Although the new Cybersecurity Law of China came into effect 1 June 2017, many companies are still unclear about the specific terms of the law. Given the potentially high cost of noncompliance associated with the law, and the uncertain nature of the guidelines that the government will release, managers should review draft measures and monitor related developments to ensure that their businesses are prepared.
Besides the security reviews, another controversial measure that foreign firms have identified within the Cybersecurity Law is the data localization requirements. According to Article 37, all personal information and other key data produced and gathered by CII (critical information infrastructure) companies must be stored on servers located on mainland China. If it is necessary to transfer data outside of mainland China, firms must first receive government permission and undergo a security assessment.
The new Cybersecurity Law is an important development, revealing how China will continue to address data security and advance its cyberspace sovereignty. It has significant consequences for businesses operating in China and introduces new compliance requirements that companies should be aware of as the government releases further details.
Hence, enterprises have business and operations in China should review and evaluate their existing infrastructure, as well as their business scope, and check on what kind of information they are collecting from customers. In addition, it is worth evaluating alternative business options, such as domestic vendors and suppliers that can be used to build infrastructure in China to remain in compliance with China’s new Cybersecurity Law.
What impact will this have on companies operating in china?
When the Cybersecurity Law went into effect five years ago, the impact was almost immediate. Foreign companies suddenly had to assess their data practices to see if they were in compliance with the law, which is difficult for companies that rely on centralised control of cloud infrastructure.
However, international companies have been quick to find ways to comply with new data laws, showing the strength of the market in a country that now has more than 1 billion internet users.
As an example, Apple Inc. has opened its first data center in China in 2017 once the Chinese Cybersecurity Law in place by China Government. Apple’s
setting the tone for how foreign companies will treat a tough new law that requires them to keep Chinese users’ information inside the country.
Apple is likely to be the most successful of the foreign technology companies in China, and its practice of keeping data centers at home with the help of Chinese partners suggests that others will likely have to do the same.
In summary, data compliance is now a challenge that a company doing business in, or relating to, China must accept and manage.
The future of data localization and cross-border transfer in china
While governing bodies continue to issue new parameters, privacy teams need to keep a close eye on new and changing rule. Remaining agile is key. This means teams will need to adjust data storage and processing practices accordingly. This area carries significant implications for operations, costs, and resources outside of privacy operations. Getting data localization right early and often isn’t just critical for compliance. It also carries increased economic significance from here on out, especially in terms of e-commerce. Data localization needs to be a top priority for your organization’s privacy program.
Leveraging data localization transition with HAND
Why HAND? And how we can help you on data localization transition?
Hand Global Solutions’ parent company HAND Enterprise Solutions is the leading digital transformation services & solutions company in China. With 10,000+ IT experts globally, HAND has successfully completed 20,000+ IT services projects. Our team footprint has spread to 89 countries around the world for 7000+ clients.
HAND understands data localization, data residency and data sovereignty are increasingly becoming critical for global organizations. Our customers trust HAND to safely store regulated data in China. That trust requires a service that is highly available and secure. As a HAND customer, you benefit from a service designed, built, maintained, and monitored to meet the requirements, privacy, availability, and reliability of the most security-sensitive organizations and industries.
We can help you navigate these considerations to help protect against the risks and make smooth transition. Making necessary changes ahead of time will enable enterprises to be able to continue to operate in China without disruption.
Meet HAND: your partner in data localization transition
Keeping up with data localization laws and policies isn’t a simple process. The rules vary from country to country. To take swift and precise action in support of compliance and business objectives, privacy terms need up-to-date, granular insights from across the world.
Our successful cloud cross-border data migration case studies
- HAND x Microsoft Azure Cloud Cross-border Data Migration Case Study
- HAND x AWS Cloud Data Migration from Japan to China Case Study
If you have any questions or would like to know how this CSL might affect your business in China and what we can do for your business, please phone +65 6783 1929, or email to enquiry@hand-sg.com HAND Global Solutions. We are happy to hear from you.
