Articles

Service Hotline: Mo to Fr 9am-6pm (CST) +86 10 6561 6609

Data Security n China

The cybersecurity law came into force on 1 June 2017, and since then regulates the operation, maintenance and use of the Internet in China. On 1 May 2018, new standards will come into force and further clarify the data protection rules of the Cyber Security Act. The following aspects are considered:

 

• Online services, products, and commerce

• Internet providers

• Network name system for Wi-Fi or mobile ID

• Confidentiality of personal information

• Manage online information on your own website

 

Following the initial uncertainty and ambiguity caused by vague definitions, new requirements will come into force on 1 May 2018 to provide greater clarity. 

 

NATIONAL STANDARD For Data Security

 

The cybersecurity law has so far created only a very rough legal framework for data security. The collection and processing of personal data that is not done by network operators have not been satisfactorily regulated in China.

 

A national standard for the protection of personal data should remedy this situation and affect both private and public organizations. As a result, new guidelines will apply to companies as well.

 

The standard was published on January 5, 2018, and will enter into force on May 1, 2018 (the Chinese version of the standard can be downloaded as a PDF here). In addition to data protection, it also specifies the processing of personal information.

 

It defines what is considered personal data, such as IP addresses, but also what is categorized as sensitive personal data.

 

Personal data includes:

 

  • Basic data (e.g. name, gender, age)
  • Identification numbers (e.g. ID number, passport number)
  • Physiological and biological recognition features (e.g., DNA, fingerprints)
  • Digital identification features (e.g. IP address, email address)
  • Health data (e.g. medical records, genetic predisposition)
  • Educational background and professional background (e.g. degrees, employment)
  • Financial status (e.g., account data, real estate ownership)
  • Communication data (e.g. call logs and - content, letter correspondences)
  • Internet data (e.g. online history, browser behavior)
  • Hardware information (e.g. MAC address, serial numbers)
  • Geodata (for example GPS data, residential address)
  • Other personal information (such as marital status, religious affiliation, sexual orientation)

 

Sensitive data includes any information from children under the age of 14 years as well as information about natural persons, which may have a negative impact on them if shared without permission. These include in particular:

 

  • Financial status (e.g. account data, real estate ownership)
  • Health data (e.g. medical records, genetic predisposition)
  • Physiological and biological recognition features (e.g. DNA, fingerprints)
  • Identification numbers (e.g. ID number, passport number)
  • Internet data (e.g. online history, browser behavior)
  • Other personal information (e.g. telephone number, sexual orientation)

 

In particular, the method of transmission is crucial for the protection. Should this data be compromised by either a data leak, illegal disclosure, or misuse, special criminal sanctions will apply.

 

 

Other specifications For data security

 

Further regulations of the cybersecurity law are also specified at the same time. These include, among other things, the appointment of a data protection officer, data usage, users' right to information, and data storage.

 

Also, companies with more than 200 employees or an annual data volume of 50,000 individual datasets must appoint a data protection officer.

 

Furthermore, the data collection should be limited to data necessary to achieve the business transaction. The user's consent is required if the data is used for more than one specific purpose. In doing so, the Chinese government is aligning its standards with the OECD Guidelines on the Protection of Privacy.

 

Finally, the user should be given the opportunity to view his personal data, make changes or delete it.

 

Businesses may be de-listed and have their business license revoked if they store or provide data from abroad. Apple, for example, has decided to relocate its data center for Chinese iCloud users to China to comply with cybersecurity law.

 

Benefit from Our CYBERSEcurity-HEALTH CHECK

 

ECOVIS Beijing can provide you with a cybersecurity health check. We can verify if the website provider has qualified licenses or whether it qualifies for online payments. It is also possible to assess the cybersecurity of online trading or the security of the payment process. We can also review if the collection of personal information or the process of collecting, transmitting or storing data is lawful. Finally, we also evaluate whether the public and/or corporate server complies with the law.

 

If you have further questions about cybersecurity in China, feel free to contact This email address is being protected from spambots. You need JavaScript enabled to view it. at any time. 

 

 Richard2017 150x225  

Richard Hoffmann

Richard Hoffmann is a partner at ECOVIS Beijing China. Richard obtained an honors degree in law and worked in Germany, the United States, and China for various prestigious law firms prior to joining ECOVIS. In addition to being a member of the board of ECOVIS International, he is Supervisor for the China business of a respected German company and shares his extensive knowledge to students by teaching commercial law in China at SRH Hochschule Heidelberg. He has published more than fifty articles in international magazines, frequently speaks at high profile events in China and abroad and is often invited as a legal expert by international TV stations. Contact: This email address is being protected from spambots. You need JavaScript enabled to view it.

Ecovis Beijing is the trusted tax and legal advisor to several embassies and official institutions in China. It specializes in mid-sized international companies and is focused on tax & legal advisory, accounting and auditing. If you’re interested in finding out more about tax and legal, don’t hesitate to sign up for our Newsletter, give us a call +86 (10) 6561 6609 or contact us directly via This email address is being protected from spambots. You need JavaScript enabled to view it.
Linkedincontact ecovis beijing

Events

NEWSLETTER

Newsletter

 

 

Business Hotline:

+86 10 6561 6609

Monday - Friday 9am - 6pm

China Standard Time

This email address is being protected from spambots. You need JavaScript enabled to view it.

 

ECOVIS Beijing
Room 1105, DRC Building, No. 19 Dongfang East Road, 

Chaoyang District, Beijing, 100600

 

 

China Desk in Heidelberg

Lenaustrasse 12, 69115 Heidelberg

Germany

Argentina
Australia
Austria 
Belgium 
Brazil 
Bulgaria 
China

Colombia

Croatia 

Cyprus 
Czech Republic
Denmark 
Estonia

Finland
France 
Germany

Greece

Hong Kong
Hungary
India 
Indonesia 
Ireland

Israel 
Italy  
Japan 

Latvia

Liechtenstein 

Lithuania
Luxembourg

Macedonia
Malaysia 
Malta 
Mexico

Netherlands 
New Zealand 
Poland 
Portugal

Qatar
Romania 
Russia 
Serbia

Singapore  
Slovakia 
Slovenia

South Africa

South Korea 
Spain 
Sweden

Switzerland

Taiwan

Thailand

Tunisia
Turkey
Ukraine  
United Kingdom

United States 
Uruguay