CHINA: Important new risks and practical guidance on China data protection, data security, e-commerce and online platform compliance

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

In the most significant development this year (arguably more so than the Data Security Law (“DSL”) and the Personal Information Protection Law (“PIPL”) coming into force), draft detailed guidance on how organisations can in practice comply with China’s strict data, e-commerce and online platform rules – including new compliance obligations – has been published.

The draft Network Data Security Management Regulation (“Draft Regulation”) was published for consultation on 14 November 2021, and is very wide-ranging in the compliance areas covered. Notably it includes a host of new, onerous regulatory approval and governance requirements for personal data controllers, organisations processing “important data” and operators of online platforms/e-commerce sites, including in the context of corporate transactions. It may also have an impact on IT vendors to organisations in the cloud market.

Key points for businesses to note:

New prior assessment impact on corporate activities: perhaps the most onerous new provisions, the following are

Read the article