Companies operating in China are being urged to familiarise themselves with a new cyber security law that takes effect in June 2017. The new rules, designed to tighten state control over information flows and technology equipment, means foreign companies doing business in China will be required to localise any data that may contain sensitive privacy data or state secrets. The penalty for not doing so can result in fines for organisations or civil and criminal penalties including imprisonment or death penalty for individuals.

Despite this, a large majority of legal technology professionals said that they are not familiar with China’s new Cybersecurity Law, which was passed into law in December 2016. Furthermore, only 14% of respondents to a survey conducted by Consilio indicated that they were concerned about this new law, It says some 75% of legal technology professionals are not familiar with the new law, though 57% indicated having at least one legal matter that touched China within the last two years (such as internal or government investigations, litigation, M&A). Some 27% said they knew of at least ten Chinese legal matters that their organisations were involved in over the same time period

“China is now the world’s second largest economy, and for global corporations and those that aspire to be global, it is critical for them to have a full understanding of the data requirements and regulatory landscape of that region,” said Dan Whitaker, managing director of Consilio’s China operations. “Since 2012, cyber walls have been going up in multiple regions around the world, and as countries continue to create new regulations, organisations must continually educate themselves on the quickly evolving nuances of data privacy laws in every jurisdiction, specifically as it relates to the ability to move data in and out of the countries in question.”

When polled about other international compliance laws, organisations are most concerned about, respondents identified the Foreign Corrupt Practices Act, or FCPA as the most concerning, followed by the General Data Protection Regulation (GDPR) and the UK Bribery Act.

Share Story: