Data privacy and IT security
With the advancement of technology, Chinese lawmakers have created a comprehensive code of conduct in the Cybersecurity Act, which came into force on June 1, 2017. It applies to all companies active in electronic commerce in China. It includes regulations on data protection, IT security and general behaviour on the Internet.
Under the cybersecurity law, foreign and Chinese companies are obligated to take extensive data protection measures. These include, for example:
- the provision of internal and external data protection regulations, which determine what kinds of personal and important data are collected and processed by the company,
- observance of basic data protection rights for data subjects, such as consent requirements, information and cancellation claims, or
- the requirements for storing data in China and the obligation to carry out security checks when transferring data abroad.
In addition, extensive technical and organizational measures must be taken to maintain an adequate level of IT security. These include, for example, establishing internal security management, including an emergency plan for cybersecurity emergencies such as cyber-attacks, or providing technical and organizational measures to ensure cybersecurity.
Our privacy and IT security consulting services include:
- Examining and advising on processes relevant to data protection, in particular the collection, storage and transfer of data between Germany and China
- Advice on the implementation of the requirements of the IT security law, e.g. in the form of employee training
- Drafting and review of contracts with providers of software and IT products
- Guidance on security checks and certification processes for providers of software or IT products.