China’s evolving Cybersecurity Law and what companies should know before operating in mainland China
In 2017 China’s Cybersecurity Law went into effect, marking an important milestone in China’s efforts to create strict guidelines on cyber governance. Over the past three years, numerous updates to the regulations and interpretations have been released making it increasingly difficult for organizations to ensure compliance with the Law.
Furthermore, due to ambiguous requirements and broadly defined terminology, some enterprises are concerned about the law’s potential impact on their operations in China, while others worry that it will create trade barriers to foreign companies in the Chinese market.
Given these complexities, we have developed a Point of View (POV) series highlighting specific areas of the Law that have the biggest impact and implications for multinational corporations conducting business within mainland China.
We first present a high-level overview of the law and recent updates to the regulations, and then to give greater insight we dive into the following sections:
- Personal Information Protection
- Multi-Level Protection Scheme
- Critical Information Infrastructure
- Cross-Border Data Transfer
Download the POVs below which delve deeper into each of these sections.
As part of our series providing insights into the Cybersecurity Law of the People’s Republic of China (PRC), this Point of View (POV) highlights a key area pertaining to personal information protection. Personal information is defined as information that can be used individually or in combination with other information to identify a person. Requirements around the dissemination and management of personal information by network operators are prescribed within the Cybersecurity Law and are closely linked to the national standard of personal information protection, the Personal Information Security Specification (“the Specification”).
Protiviti Cybersecurity and Privacy Protection Services
How Protiviti Can Help
Protiviti aids businesses in ensuring that their IT services meet legal requirements and regulatory rules on both national and industry-specific levels. With a team of IT security professionals, compliance experts, auditors, and other professionals, Protiviti keeps track of evolving regulations based on industry innovations, environmental trends, and emerging risks.
Protiviti security and privacy services will evaluate your current compliance according to relevant legal requirements and regulatory rules and develop technical solutions that correspond with your current technology, procedures, and resources competency. We will close gaps in your IT technology and processes in line with your budget plan, as well as prevent disruptions to normal IT and business operations from compliance activities.