☰  MENU

Keep an Eye on China

You’ll probably be aware of China’s new cybersecurity law which came into effect at the beginning of this month. Our take on it is that: The scope is not clear; It embeds data classification, encryption,…

You’ll probably be aware of China’s new cybersecurity law which came into effect at the beginning of this month.

Our take on it is that:

  • The scope is not clear;
  • It embeds data classification, encryption, incident response planning, breach notification and device security certification as basic standards;
  • It requires data localisation; and
  • It echoes the EU’s GDPR by mandating that companies obtain the consent of Chinese citizens before collecting, handling or processing their PII.

All of this means it’s worth keeping an eye on developments, especially for clarification over scope and applicability.  Whilst we wait for that, it would be wise to extract value from existing GDPR or NYDFS compliance programs and carry out an initial data mapping exercise in relation to your Chinese operations.  This will give you the best foundation to roll out solutions, once they are confirmed as necessary. If you’d like to discuss this further, please contact us.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 × 2 =

Next Blog Item →What is the insurance industry doing about GDPR?