Cybersecurity & Data Protection Cybersecurity & Data Protection

Data is strongly associated with both national sovereign and security and enterprise transformation and upgrading. Our data compliance experts are not only familiar with China's regulatory framework, but also certified as the EU and U.S. privacy professionals by International Association of Privacy Professionals (IAPP). Our experts all have a broad international perspective and deep insights into the policy trends. Additionally, we have been striven to go deep into business scenarios to help enterprises' digital transformation and development, insisting that compliance is the starting point and development is the goal. Through years of legal practice in this field, we have rich experience in data compliance in finance, automotive, medicine and health, e-commerce, TMT, etc. Our team is particularly adept at, through combining creative legal thinking and optimal compliance measures, handling data regulatory matters. We are typically good at providing tailored advice to enterprises on complex regulatory matters and risk management, and assisting in the whole process of implementation.

Our Services

For the cybersecurity and data protection requirements under Chinese laws and regulations, the EU GDPR, and the U.S. HIPAA/COPPA/CCPA rules, our professionals offer reliable services as follows:

Legal

• Draft and review legal documents such as privacy policy, data protection agreement, cross-border data transfer agreement, etc.

• Draft and review agreements and business policies relating to the provision of internet products and services

• Review and revise employment contracts and employee privacy statements

• Provide legal updates on cybersecurity and data protection

• Provide dispute resolution and lawsuit response concerning data-related infringement, contracts, antitrust and unfair competition matters

Compliance

• Draft and review data security management policies or guidelines

• Draft and revise data assets classification policy and procedures

• Draft and review important data identification and impact analysis documents

• Draft and review internal assessment documents on Critical Information Infrastructure (CII) identification

Risk Assessment

• Assist in self-assessment based on Cybersecurity Law

• Assist in self-assessment on personal information protection impact

• Assist in self-assessment in cross-border data transfer

• Assist in identifying the roles of client as a data controller or processor and analyzing legal obligations accordingly under relevant legislations and standards

• Advise on remedial measures to fulfill regulatory obligations and reduce risks

GR/PR

• Assist to build long-term trustworthy relationship with data protection authorities

• Respond to data security incidents and incidents of incompliance 

• Create communication and coordination channels with relevant government agencies and key stakeholders

• Report and communicate swiftly with supervisory authorities and media platforms

• Mitigate business impacts from negative media exposure

PRC laws

• Advised a biological AI diagnosis and treatment enterprise on data compliance matters

• Advised an internet hospital on comprehensive data protection compliance matters

• Conducted research jointly with several companies including one managed by Securities Association of China on data compliance in securities industry and won the award of outstanding research

• Conducted joint research with several securities companies on the application of the PRC Personal Information Protection Law in the securities industry

• Advised a well-known Chinese futures company on personal information protection compliance in the securities and futures industry

• Provided a well-known Chinese insurance company with personal information protection compliance training

• Advised a well-known Chinese financial technology company on data compliance and IPR compliance

• Advised a world leading smart home company on personal information protection matters

• Advised a world leading advanced materials manufacturing company on comprehensive data compliance matters

• Advised a world-renowned hydropower company on data compliance matters

• Advised a leading lidar manufacturer on data compliance matters

• Advised a world-renowned IP services company on personal information protection compliance matters

• Advised a renowned U.S. pharmaceutical company on cybersecurity and privacy compliance matters based on China's Cybersecurity Law

• Advised a Chinese technology company of a world leading automotive group on cybersecurity, data protection and telecommunications regulatory compliance matters

• Advised a Chinese leading financial holding group on comprehensive personal information protection compliance matters  

• Advised a world-renowned auto parts manufacturer on comprehensive compliance matters related to cybersecurity, privacy protection and internet content regulation based on China's Cybersecurity Law

• Advised a world-renowned luxury hotel chain company on cybersecurity and privacy compliance matters based on China's Cybersecurity Law

• Advised a U.S. leading online travel agency on cybersecurity and privacy compliance matters based on China's Cybersecurity Law

• Advised a leading Canadian asset management company on cybersecurity and privacy compliance matters based on China's Cybersecurity Law for its subsidiaries in energy and investment sectors

• Advised a world leading energy company on cybersecurity and privacy compliance matters based on China's Cybersecurity Law

• Assisted a world-renowned investment bank in reviewing and revising a self-assessment report based on China's Cybersecurity Law

• Advised a world leading logistics company on data breach response based on PRC laws and regulations

• Advised a world leading shipping company on data breach response based on PRC laws and regulations

GDPR

• Advised a leading European automotive company on its GDPR compliance program in China carried out by its Asia Pacific headquarters

• Advised a leading U.S. media company on compliance matters based on China’s cybersecurity law, U.S. CCPA and EU GDPR

• Advised a famous real estate enterprise in China on GDPR compliance matters

• Advised a famous auto battery parts manufacturer in China on GDPR compliance matters

• Advised a famous medical device manufacturer in China on GDPR compliance matters

• Advised a famous wind power manufacturing enterprise in China on GDPR compliance matters in HR scenarios

• Advised a famous smartphone manufacturer in China on GDPR compliance matters

• Advised a famous bike-sharing enterprise in China on GDPR compliance matters

• Provided a famous smartphone manufacturer in China with GDPR compliance training services

U.S. laws

• Advised a renowned U.S. media company on compliance matters with China’s Cybersecurity Law, U.S. CCPA and EU GDPR

• Advised a leading Chinese payment institution on U.S. financial data regulations research matters