Cybersecurity & Data Protection

Our cybersecurity and data protection team is a forerunner and industry leader in China, with a wealth of experience in various fields such as cybersecurity, data security, and personal information protection. In addition to hands-on practice, our team has long been active in academic and legislative activities, most notably the research on and drafting of the Cybersecurity Law, the Regulations on Protection of Critical Information Infrastructure (draft for comments), the Data Security Law (draft), the Personal Information Protection Law (draft), and a series of supporting regulations of Cyberspace Administration of China (CAC). By closely cooperating with data compliance experts worldwide, we can offer our clients one-stop services for global data compliance. Having handled numerous mandates in this area, we have formed unique methodology for data compliance. Our extensive experience in Internet of Vehicles (IoV), autonomous driving, surveying and mapping, artificial intelligence (AI), cloud computing, big data, Internet of Things (IoT), blockchain, credit investigation, e-commerce, precision marketing, face recognition, online payment, IPO, etc. has equipped us with great acumen to help our clients navigate and respond to challenges in complex legal and regulatory settings. Our clients operate in a variety of industries, including finance, automotive, IT and internet, telecoms, life sciences and big health, media, energy, aviation, agriculture, chemical industry, and manufacturing.

Scope of Services

Data Element Policy Research and Data Transaction Mode Designing

  • Demonstration of data product compliance

  • Design of public open data models

  • Digital transformation planning and implementation support

  • Counseling on and compliance review for digital new infrastructure business

Data Compliance for Businesses Going Offshore

  • Data compliance risk assessment in major jurisdictions, including but not limited to European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA)

  • Review of and assistance in drafting privacy policies for foreign-related websites/products and terms and conditions applicable to overseas consumers

  • Formulation of technical measures and organizational measures to protect the rights of data subjects

  • Analysis and design for routes of cross-border data transfer

  • Counseling on the appointment of data protection officers (DPOs) and EU representatives

  • Response to data breach incidents

  • GDPR and CCPA/CPRA compliance training

Autonomous Driving, AI, Blockchain, IoV, and IoT

  • Counseling on and compliance review for high-tech business

  • Algorithm governance framework design

  • Compliance of surveying and mapping geographic data

  • Qualification of internet map services

  • Data compliance framework design

  • Market access of and comprehensive solutions for IoV and IoT

Internet Finance (ITFIN) and E-commerce

  • Financial data compliance

  • Classification of financial data

  • Protection of rights and interests of financial consumers

  • Compliance analysis of cross-border transfer of financial data

  • Compliance governance of e-commerce and large internet platforms

  • Compliance of new-type e-commerce data

  • Compliance and protection of e-commerce merchants

Big Data and Cloud Computing

  • Compliance analysis and compliance model design for cloud service models, such as PaaS, SaaS, IaaS, and BaaS

  • Compliance for procurement of cloud computing and big data products and services

  • Market access of and transaction mode designing for telecommunications services

  • Compliance analysis for new business models, products, and services in collection, use, aggregation, transfer, sharing, etc., of data

Administrative Investigation and Criminal Risk Prevention

  • Identification of criminal risks associated with cybersecurity and data protection and formulation of related compliance guides

  • Provision of solutions and participation in emergency response to regulatory investigations and inquiries into cybersecurity issues

  • Formulation of cybersecurity incident response plans

Protection of Critical Information Infrastructure (CII)

  • CII preliminary identification

  • Designing of CII protection system

  • Equipment procurement and construction management of CII system

  • Designing of CII security personnel and accountability system

  • Cybersecurity review


  • Establishment of cybersecurity compliance management system

  • Cybersecurity multi-level protection scheme

  • Formulation of business cybersecurity rules

  • Cybersecurity incident response plan and drill

  • Implementation of online real-name system

  • Formulation of rules for procurement of network products and services

  • Designing of cybersecurity management measures

  • Cybersecurity compliance training

  • Commercial cryptography compliance

Listing, Investment, Financing, and M&A

  • Data compliance due diligence

  • Risk identification and solutions for pre-listing data compliance

  • Risk assessment of and response to cybersecurity review

  • Drafting and revision of the data compliance section of prospectus

  • Support for response to pre-IPO regulatory inquiries

  • Support for negotiations on data trade

Data Compliance and Governance

  • Establishment of enterprise data compliance management system

  • Drafting and revision of authorization documents (including privacy policies), internal compliance management rules such as corporate data management rules, data processing agreements, etc.

  • Localization and cross-border transfer of data

  • Classified and tiered data management

  • Security assessment of outbound data transfer

  • Impact assessment of personal information protection

  • Establishment of mechanisms for responding to requests for personal information subjects

  • Audit on personal information protection compliance

  • Personal information security engineering / privacy protection design

  • Data breach emergency response


  • Latest
  • Most relevant