Cybersecurity & Data Protection
Zhong Lun is a pioneer in China's cybersecurity and data protection legal services
Our cybersecurity and data protection team is a forerunner and industry leader within this sector in China, boasting a wealth of experience in various fields such as cybersecurity, data security, and personal information protection. In addition to hands-on practice, our team has long been active in academic and legislative activities, most notably the research on and drafting of the Cybersecurity Law, the Regulations on Protection of Security of Critical Information Infrastructure (Draft for Comments), the Data Security Law (Draft), the Personal Information Protection Law (Draft), and a series of supporting regulations promulgated by Cyberspace Administration of China (CAC), ministries including the Ministry of Industry and Information Technology, as well as Beijing and other local governments. By closely cooperating with data compliance experts worldwide, we can offer our clients one-stop services for global data compliance.
Having handled numerous mandates in this area, we have formed a reliable track record and unique methodology for data compliance. Our extensive practical experience in many domains, encompassing digital transformation, cross-border data transfer, data element, Internet of Vehicles (IoV), autonomous driving, artificial intelligence (AI), cloud computing, Internet of Things (IoT), blockchain, credit investigation, e-commerce, precision marketing, face recognition, online payment, listing, overseas business expansion, etc. has equipped us with great acumen to help our clients navigate and respond to challenges in complex legal and regulatory settings in China and abroad. Our clients operate in a variety of industries, including artificial intelligence, finance, automotive, IT and internet, telecoms, life sciences and big health, media, energy, aviation, agriculture, chemical industry, and manufacturing.
Scope of Services
Data Compliance and Governance
Establishment of enterprise data compliance management system
Compliance management of apps/WeChat Mini Programs
Drafting and revision of authorization documents (including privacy policies), internal compliance management rules such as corporate data management rules, data processing agreements, etc.
Global response to cross-border transfer of data
Development of classified and tiered data system and identification of critical data
CAC filing and assessment of outbound data transfer
Impact assessment of personal information protection
Establishment of mechanisms for responding to requests for personal information subjects
Audit on personal information protection compliance
Personal information security engineering/privacy protection design
Data incident response
Data compliance training
Listing, Investment, Financing, and M&A
Data compliance due diligence
Risk identification, analysis, and mitigation for prelisting data compliance
Risk assessment of and filing for cybersecurity review
Data compliance rectification for listing applicants
Drafting and revision of the data compliance section of prospectus
Support for response to pre-IPO regulatory inquiries
Drafting and revision of clauses concerning data compliance for investment and financing
Legal opinions specialized for data compliance
Cybersecurity
Establishment of cybersecurity compliance management system
Response to and handling of cybersecurity review incidents
Formulation of business cybersecurity rules
Response plan and drill for cybersecurity incidents, including data leaks
Compliance of procurement of network products and services
Designing of cybersecurity management measures
Cybersecurity compliance training
Commercial cryptography compliance
Protection of Critical Information Infrastructure (CII)
CII preliminary identification
Designing of CII protection system
Equipment procurement and construction management of CII system
Designing of CII security personnel and accountability system
Cybersecurity review and critical data
Administrative Investigation and Criminal Risk Prevention
Identification of criminal risks associated with cybersecurity and data protection and formulation of related compliance guides
Provision of solutions and participation in emergency response to regulatory checks, investigations and inquiries, into cybersecurity issues
Formulation of cybersecurity and data security incident response plans
Big Data and Cloud Computing
Compliance analysis and compliance model design for cloud service models, such as PaaS, SaaS, IaaS, and BaaS
Compliance for procurement of cloud computing and big data products and services
Compliance guidance for cloud computing going abroad
Development of schemes to address global regulations on cloud computing
Compliance of IDC construction and operation
Market access of and transaction mode designing for telecommunications services
Compliance analysis for new business models, products, and services in collection, use, aggregation, transfer, sharing, etc., of data
Artificial Intelligence Compliance
Assessment of compliance throughout the lifecycle of AI products
Filing for algorithms and large language models of AI products
Ethical review of science and technology of AI products
Compliance concerning overseas business expansion of AI enterprises
Compliance concerning training data collection and usage
Risk control for AI outputs
User behavior rules
Contract template drafting for AI developers and operators
Development of compliance systems for AI service platforms
Internet Finance (ITFIN) and E-commerce
Financial data compliance
Classification of financial data
Protection of rights and interests of financial consumers
Compliance analysis of cross-border transfer of financial data
Compliance governance of e-commerce and large internet platforms
Governance and data compliance of new-type e-commerce
Compliance and protection of e-commerce merchants
Contract handling and dispute resolution in the cooperation between businesses and e-commerce merchants
Autonomous Driving, IoV, and IoT
Counseling on and compliance review for high-tech business
Compliance of surveying and mapping geographic data
Qualification of internet map services
Market access of and comprehensive solutions for IoV and IoT
Compliance specialized for vehicle export
Data Compliance for Businesses Going Offshore
Establishment of global data compliance regime
Data compliance risk assessment in major jurisdictions, including but not limited to European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA)
Drafting data compliance guidance for targeting countries and assisting in implementation thereof
Review of and assistance in drafting privacy policies for foreign-related websites/ products and terms and conditions applicable to overseas consumers
Formulation of technical measures and organizational measures to protect the rights of data subjects
Analysis and design of routes of cross-border data transfer
Counseling on the appointment of data protection officers (DPOs) and EU representatives
Response to data breach incidents
Compliance assessment (such as PIA and RoPA) under GDPR
GDPR and CCPA/CPRA compliance training
Data Element Policy Research and Data Transaction Mode Designing
Participation in negotiations over data transactions
Demonstration of data product compliance
Designing of public open data models
Assistance with digital transformation planning and implementation
Counseling on and compliance review for digital new infrastructure business
Counsel and handling concerning data related disputes
Analysis and legal representation in data antitrust and anti-competition cases
Compliance analysis and legal opinion relating to data scraping
Analysis and legal representation in infringement on personal data
Analysis and legal representation concerning AI pre-trained data and AI-generated outputs
Related
Articles
Deals
Awards
Professionals
- Latest
- Most relevant
-
- Office location
-
- Practices
-
Chinese Mainland Capital MarketsHong Kong & Overseas Capital MarketsInvestment/M&A & Corporate GovernanceCross-border Investment/M&AConstruction & Project DevelopmentFinancingTaxation & Wealth PlanningPrivate Equity & Investment FundsFinancial Products & TrustsLitigation & ArbitrationCorporate & Commercial CrimeShippingCompliance & InvestigationAntitrust & CompetitionTrade Compliance & Trade RemediesCustoms & Import/ExportLabor & EmploymentHealth, Safety & Environmental ProtectionIP Licensing & EnforcementTrademark ProsecutionPatent ProsecutionCybersecurity & Data ProtectionBankruptcy, Insolvency & ReorganizationDebt Restructuring & Non-performing Assets
-
- Industries
-
Real EstateUrban InfrastructureTransportation & LogisticsTourism & HospitalityEnergy & PowerMining & Natural ResourcesBanking & Financial ServicesInsuranceFinancial Innovation & FintechTelecom & InformationIntelligence Technology & ApplicationHealthcarePharmaceuticals & Life SciencesEducation & TrainingMedia, Sports & EntertainmentNational Defense & Military IndustryRetail & Consumer ProductsIndustry & ManufacturingAgriculture & Food
-
Language
-
Jurisdiction
-
ChinaChina (Hong Kong SAR)UKJapanFranceCanadaKazakhstanCalifornia, USANew York, USANew Jersey, USAWashington, D.C., USAWashington, USAWisconsin, USAGeorgia, USAOregon, USAMinnesota, USANorth Carolina, USAColorado, USAPennsylvania, USATexas, USA澳大利亚新南威尔士州Illinois, USAChina (Taiwan SAR)New South Wales, Australia
-
-
-
Yi XUE
Equity Partner
BeijingPractices: Antitrust & Competition,Cross-border Investment/M&A,Cybersecurity & Data ProtectionIndustries: Energy & Power,Mining & Natural Resources,Intelligence Technology & Application,Pharmaceuticals & Life Sciences,Media, Sports & Entertainment -
Yi XUE
Equity Partner
Beijing
-
