Cybersecurity & Data Protection
Our cybersecurity and data protection team is a forerunner and industry leader in China, with a wealth of experience in various fields such as cybersecurity, data security, and personal information protection. In addition to hands-on practice, our team has long been active in academic and legislative activities, most notably the research on and drafting of the Cybersecurity Law, the Regulations on Protection of Critical Information Infrastructure (draft for comments), the Data Security Law (draft), the Personal Information Protection Law (draft), and a series of supporting regulations of Cyberspace Administration of China (CAC). By closely cooperating with data compliance experts worldwide, we can offer our clients one-stop services for global data compliance. Having handled numerous mandates in this area, we have formed unique methodology for data compliance. Our extensive experience in digital transformation, cross-border data transfer, data element, Internet of Vehicles (IoV), autonomous driving, artificial intelligence (AI), cloud computing, Internet of Things (IoT), blockchain, credit investigation, e-commerce, precision marketing, face recognition, online payment, listing, overseas business expansion, etc. has equipped us with great acumen to help our clients navigate and respond to challenges in complex legal and regulatory settings in China and abroad. Our clients operate in a variety of industries, including finance, automotive, IT and internet, telecoms, life sciences and big health, media, energy, aviation, agriculture, chemical industry, and manufacturing.
Scope of Services
Data Compliance and Governance
Establishment of enterprise data compliance management system
Drafting and revision of authorization documents (including privacy policies), internal compliance management rules such as corporate data management rules, data processing agreements, etc.
Localization and cross-border transfer of data
Classified and tiered data management
Security assessment of outbound data transfer
Impact assessment of personal information protection
Establishment of mechanisms for responding to requests for personal information subjects
Audit on personal information protection compliance
Personal information security engineering / privacy protection design
Data incident response
Listing, Investment, Financing, and M&A
Data compliance due diligence
Risk identification, analysis, and mitigation for prelisting data compliance
Risk assessment of and filing for cybersecurity review
Drafting and revision of the data compliance section of prospectus
Support for response to pre-IPO regulatory inquiries
Drafting and revision of clauses concerning data compliance for investment and financing
Cybersecurity
Establishment of cybersecurity compliance management system
Cybersecurity multi-level protection scheme
Formulation of business cybersecurity rules
Cybersecurity incident response plan and drill
Implementation of online real-name system
Formulation of rules for procurement of network products and services
Designing of cybersecurity management measures
Cybersecurity compliance training
Commercial cryptography compliance
Protection of Critical Information Infrastructure (CII)
CII preliminary identification
Designing of CII protection system
Equipment procurement and construction management of CII system
Designing of CII security personnel and accountability system
Cybersecurity review
Administrative Investigation and Criminal Risk Prevention
Identification of criminal risks associated with cybersecurity and data protection and formulation of related compliance guides
Provision of solutions and participation in emergency response to regulatory investigations and inquiries into cybersecurity issues
Formulation of cybersecurity incident response plans
Big Data and Cloud Computing
Compliance analysis and compliance model design for cloud service models, such as PaaS, SaaS, IaaS, and BaaS
Compliance for procurement of cloud computing and big data products and services
Market access of and transaction mode designing for telecommunications services
Compliance analysis for new business models, products, and services in collection, use, aggregation, transfer, sharing, etc., of data
Artificial Intelligence Compliance
Assessment of compliance throughout the lifecycle of AI products
Filing for algorithms and large language models of AI products
Ethical review of science and technology of AI products
Compliance concerning overseas business expansion of AI enterprises
Compliance concerning training data collection and usage
Risk control for AI outputs
User behavior rules
Internet Finance (ITFIN) and E-commerce
Financial data compliance
Classification of financial data
Protection of rights and interests of financial consumers
Compliance analysis of cross-border transfer of financial data
Compliance governance of e-commerce and large internet platforms
Compliance of new-type e-commerce data
Compliance and protection of e-commerce merchants
Autonomous Driving, AI, Blockchain, IoV, and IoT
Counseling on and compliance review for high-tech business
Algorithm governance framework design
Compliance of surveying and mapping geographic data
Qualification of internet map services
Data compliance framework design
Market access of and comprehensive solutions for IoV and IoT
Data Compliance for Businesses Going Offshore
Establishment of global data compliance regime
Data compliance risk assessment in major jurisdictions, including but not limited to European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA)
Drafting data compliance guidance for targeting countries and assisting in implementation thereof
Review of and assistance in drafting privacy policies for foreign-related websites/ products and terms and conditions applicable to overseas consumers
Formulation of technical measures and organizational measures to protect the rights of data subjects
Analysis and design of routes of cross-border data transfer
Counseling on the appointment of data protection officers (DPOs) and EU representatives
Response to data breach incidents
GDPR and CCPA/CPRA compliance training
Data Element Policy Research and Data Transaction Mode Designing
Participation in negotiations over data transactions
Demonstration of data product compliance
Designing of public open data models
Assistance with digital transformation planning and implementation
Counseling on and compliance review for digital new infrastructure business
Related
Articles
Deals
Awards
Professionals
- Latest
- Most relevant
-
- Office location
-
- Practices
-
Chinese Mainland Capital MarketsHong Kong & Overseas Capital MarketsInvestment/M&A & Corporate GovernanceCross-border Investment/M&AConstruction & Project DevelopmentFinancingDebt Restructuring & Non-performing AssetsTaxation & Wealth PlanningPrivate Equity & Investment FundsFinancial Products & TrustsLitigation & ArbitrationCorporate & Commercial CrimeBankruptcy, Insolvency & ReorganizationShippingCompliance & InvestigationAntitrust & CompetitionTrade Compliance & Trade RemediesCustoms & Import/ExportLabor & EmploymentHealth, Safety & Environmental ProtectionIP Licensing & EnforcementTrademark ProsecutionPatent ProsecutionCybersecurity & Data Protection
-
- Industries
-
Real EstateUrban InfrastructureTransportation & LogisticsTourism & HospitalityEnergy & PowerMining & Natural ResourcesBanking & Financial ServicesInsuranceFinancial Innovation & FintechTelecommunications & InternetInformation & Intelligence TechnologyHealthcarePharmaceuticals & Life SciencesEducation & TrainingMedia-Sports & EntertainmentNational Defense & Military IndustryRetail & Consumer ProductsIndustry & ManufacturingAgriculture & Food
-
Language
-
Jurisdiction
-
-
-
Grace LI
Non-equity Partner
ShanghaiPractices: IP Licensing & Enforcement,Cybersecurity & Data Protection -
Grace LI
Non-equity Partner
Shanghai
-
