中国数据安全相关法规的白皮书-英文版

Strategies for Data Compliance in ChinaSeptember 202402Brochure / report title goes here | Section title goes here Executive Summary 01Overview of China’s Data Regulations 02Planning Recommendations 04Managing Opportunity and Risk 05Identifying Data Affected by Privacy and Data Security Regulations 06Formulating a Localization Strategy 08Key Takeaways 14Appendix I 15Appendix II 16 Appendix III 19ContentsStrategies for Data Compliance in China | Executive Summary 01Executive Summary Target Audience for this White PaperThis paper is appropriate for medium to large corporations with significant business in the Chinese mainland, or plans to expand business in the Chinese mainland.Corporations and the Chinese MarketThe Chinese mainland offers substantial business opportunities for multinational corporations. It is the second largest economy in the world by nominal GDP and first by purchasing power parity. China’s GDP is larger than its next four competitors combined. China’s GDP grew at 5.2% in 2023—far faster than most other economies of its scale. Business cases are often made on total addressable market or on market growth, and China is a leader in both.However, there are also business risks associated with the Chinese market—among them, recent data laws and regulations. The Cybersecurity Law was passed in 2017, followed by the Data Security Law, and the Personal Information Protection Law in 2021. These laws significantly changed the nature of doing business in China. Regulatory trends continue to become more stringent and complex at an increasing speed, including semi-annual reviews by the Cyberspace Administration of China. Multinational companies are challenged to comply with these regulations in a timely manner. Enterprise IT projects can be significantly longer than the semi-annual periods of regulatory updates. In that time, companies are expected to: • Classify all data, even that which does not go to China, including the level of sensitivity of that data • Undergo a security assessment by the Cybersecurity Authority of China (this depends on the scale of the operation) • Build and obtain approval on many technical and resource items, including: – Finding a legal approach to comply with Chinese regulations – Communicating with local regulators – Procuring software – Staffing a local team to ensure local compliance regulations are met – Setting up new services and configure the relevant apps – Planning, testing, and executing a data and code migration – Onboarding users Corporations need to choose strategies that are resilient to regulatory change, enable growth in the China market, and allow business alignment between their Chinese Mainland operations and the rest of the world. There are steps and strategies corporations can take now to conduct business in China while protecting customer data and addressing regulatory and legal concerns.02Strategies for Data Compliance in China | Overview of China’s Data RegulationsOverview of China’s Da