Thomas Zhang Shares Data Security Compliance Best Practices for European SMEs in China
Thomas Zhang, Partner and Head of IT & IS, recently spoke at a hybrid workshop titled Cybersecurity, Data and Personal Information Protection Compliance for EU SMEs in China, which was organized by the EU SME Centre.
As a professional compliance service provider with solid experience in IT compliance in China, we are asked one question more often than most: “Are we compliant with the Personal Information Protection Law (PIPL) if we are already compliant with the General Data Protection Regulation (GDPR)?” At this session, Thomas explained the differences between the two regulations and shared tips for dealing with the challenges that cross-border data transfer can bring.
When it comes to compliance practice, Thomas suggested, “The first thing is to build a big data inventory, otherwise you will have no idea what kind of information you actually possess or what you are sharing. The next step is to identify the applicable compliance requirements for your business from all laws and regulations. Then you need to seek resources from both legal and IT sides for a comprehensive analysis. Finally, you can work on a plan for meeting the compliance requirements, but more importantly, you need to be prepared for the changing regulatory landscape.”
A thorough analysis is a good starting point for compliance, but the key is taking action. The most important thing is not to panic when faced with the complexity of China’s regulatory environment and the consequences of noncompliance. At the same time, we urge companies against inaction and advise them not to wait passively for further detailed guidelines. An action plan should be created promptly and followed to set out on the path toward meeting compliance targets.
Should you have any questions about how to be compliant under China’s data security regulations, our team of experts can help you.
For further resources on China’s data regulation, you can visit our website, China Briefing, where you can find articles and webinars such as:
- GDPR Versus PIPL – Key Differences and Implications for Compliance in China
- China Releases First Guidelines for Cross-Border Data Transfer Application
- Cross-Border Data Transfer – New Measures Clarify Security Review Requirements
- Cross-Border Data Transfer – New Provisions Clarify Contract Procedure for Personal Information Export