Data Security Laws in China: An Introduction for Foreign Entrepreneurs and Investors
The Cybersecurity Law of the People's Republic of China was formally introduced on June 1, 2017. The law (also called "the cybersecurity law" has resulted in much debate since its inception. Here we'll provide a summary of the most important parts of the Law.
Like Us on Facebook
What is it?
The macro-level law has developed from the cybersecurity rules and regulations that were previously in place from various fields and levels.
The Law further provides principal norms on particular issues that aren't considered to be high-priority in the short-term but have longer-term significance. When issues come to the fore, these norms will act as a legal reference.
The Cybersecurity Law also offers legal liability definitions and regulations. The Law sets a number of different punishments for various kinds of illegalities, including suspensions and fines.
How are businesses affected?
The majority of issues around cybersecurity are still covered by old laws, as opposed to the current Cybersecurity Law. Enterprises, therefore, are forced to work out the most applicable compliance issues and solutions themselves. Most business issues revolve around data security and VPN.
Complying with data security
Legal observers believe that cybersecurity legislation will view data security as its No. 1 concern when it comes to its next review. Enterprises may well be preparing themselves for this by being proactive in making compliance adjustments in advance. They may be looking more towards external solutions, for example, such as employing the services of a data security company capable of securing data from attacks and simplifying regulatory compliance. Data security is one of the most important elements of any organisation and especially so in this day and age with cybercriminals being more active than ever in their efforts to steal data.
Complying with VPN
VPN has been a problem for a long time. Authorities have tried numerous laws over the years in a bid to regulate VPN. Before the Cybersecurity Law was in place, corresponding law-enforcement failed to offer much by way of structure and many enterprises paid little attention when it came to complying with VPN laws.
After the Law was introduced, multinational corporations started to give more priority to VPN usage due to orders from authorities to "clean-up" their VPN usage. Current law states that enterprises can use VPN for internal work as long as they adhere to certain conditions, i.e. they buy VPN services from official suppliers and they file for a VPN usage record.