Cybersecurity & Data Protection Cybersecurity & Data Protection

Data is closely linked to national sovereignty and security, as well as to the transformation and advancement of enterprises. Our data compliance experts are not only familiar with China's regulatory framework, but are also certified by International Association of Privacy Professionals (IAPP) as EU and U.S. privacy professionals. Our experts have a broad international perspective and insight into global policy trends. Additionally, we have actively delved into various business scenarios to aid enterprises in their digital transformation and growth, firmly believing that compliance is the foundation and development is the objective. With years of legal practice in this field, we possess extensive experience in data compliance across sectors such as finance, automotive, medicine and health, e-commerce, and TMT. Our team excels in blending innovative legal strategies with optimal compliance measures to navigate data regulatory challenges effectively. We specialize in offering tailored advice on complex regulatory issues and risk management, and we assist enterprises throughout the entire implementation process.

Our Services

For cybersecurity and data protection requirements under Chinese law and regulation, the EU’s GDPR, and the U.S. HIPAA/COPPA/CCPA regulations, our professionals offer the following services:

Legal

• Draft and review legal documents such as privacy policies, data protection agreements, and cross-border data transfer agreement.

• Prepare and evaluate agreements and business policies pertaining to the provision of internet products and services

• Review and revise employment contracts and employee privacy statements

• Provide legal advice on cybersecurity and data protection

• Offer dispute resolution and litigation services for issues related to data infringement, contracts, antitrust, and unfair competition matters

Compliance

• Draft and review data security management policies and guidelines

• Draft and revise classification policies and procedures for data assets

• Draft and review identification and impact analysis documents for data

• Draft and review internal assessment documents on Critical Information Infrastructure (CII) identification

Risk Assessment

• Facilitate self-evaluation in accordance with Cybersecurity Law

• Facilitate self-evaluation regarding the impact of protecting personal information

• Facilitate self-evaluation in cross-border data transfer

• Assist in determining whether client acts as a data controller or processor and analyze the corresponding legal obligations under applicable laws and standards

• Advise on remedial measures to fulfill regulatory obligations and reduce risk

GR/PR

• Assist in establishing and maintaining long-term, trustworthy relationships with data protection authorities

• Address data security incidents of incompliance 

• Create communication and coordination channels with relevant government agencies and key stakeholders

• Swiftly report and communicate with supervising authorities and media platforms

• Mitigate the impacts on business of negative media exposure 

PRC laws

• Advised a biological AI diagnosis and treatment enterprise on data compliance matters

• Advised an internet hospital on comprehensive data protection compliance matters

• Conducted research jointly with several companies including one managed by Securities Association of China on data compliance in securities industry and won the award of outstanding research

• Conducted joint research with several securities companies on the application of the PRC Personal Information Protection Law in the securities industry

• Advised a well-known Chinese futures company on personal information protection compliance in the securities and futures industry

• Provided a well-known Chinese insurance company with personal information protection compliance training

• Advised a well-known Chinese financial technology company on data compliance and IPR compliance

• Advised a world leading smart home company on personal information protection matters

• Advised a world leading advanced materials manufacturing company on comprehensive data compliance matters

• Advised a world-renowned hydropower company on data compliance matters

• Advised a leading lidar manufacturer on data compliance matters

• Advised a world-renowned IP services company on personal information protection compliance matters

• Advised a renowned U.S. pharmaceutical company on cybersecurity and privacy compliance matters based on China's Cybersecurity Law

• Advised a Chinese technology company of a world leading automotive group on cybersecurity, data protection and telecommunications regulatory compliance matters

• Advised a Chinese leading financial holding group on comprehensive personal information protection compliance matters  

• Advised a world-renowned auto parts manufacturer on comprehensive compliance matters related to cybersecurity, privacy protection and internet content regulation based on China's Cybersecurity Law

• Advised a world-renowned luxury hotel chain company on cybersecurity and privacy compliance matters based on China's Cybersecurity Law

• Advised a U.S. leading online travel agency on cybersecurity and privacy compliance matters based on China's Cybersecurity Law

• Advised a leading Canadian asset management company on cybersecurity and privacy compliance matters based on China's Cybersecurity Law for its subsidiaries in energy and investment sectors

• Advised a world leading energy company on cybersecurity and privacy compliance matters based on China's Cybersecurity Law

• Assisted a world-renowned investment bank in reviewing and revising a self-assessment report based on China's Cybersecurity Law

• Advised a world leading logistics company on data breach response based on PRC laws and regulations

• Advised a world leading shipping company on data breach response based on PRC laws and regulations

GDPR

• Advised a leading European automotive company on its GDPR compliance program in China carried out by its Asia Pacific headquarters

• Advised a leading U.S. media company on compliance matters based on China’s cybersecurity law, U.S. CCPA and EU GDPR

• Advised a famous real estate enterprise in China on GDPR compliance matters

• Advised a famous auto battery parts manufacturer in China on GDPR compliance matters

• Advised a famous medical device manufacturer in China on GDPR compliance matters

• Advised a famous wind power manufacturing enterprise in China on GDPR compliance matters in HR scenarios

• Advised a famous smartphone manufacturer in China on GDPR compliance matters

• Advised a famous bike-sharing enterprise in China on GDPR compliance matters

• Provided a famous smartphone manufacturer in China with GDPR compliance training services

U.S. laws

• Advised a renowned U.S. media company on compliance matters with China’s Cybersecurity Law, U.S. CCPA and EU GDPR

• Advised a leading Chinese payment institution on U.S. financial data regulations research matters