Data, Privacy & Cybersecurity

China has an increasingly complex legal framework of data and privacy protection rules and cybersecurity obligations, like other jurisdictions – but with Chinese characteristics. As one of the country’s few law firms with a primary focus on TMT industries, DaHui routinely assists both domestic and international clients in all aspects of their data handling matters related to China. We often help multinationals in structuring and implementing dependable data practices with respect to their China operations, perform data due diligence in M&A and investments, and assist with a wide range of data and privacy compliance matters faced by all types of companies doing business in China.

In addition, ever since the promulgation of China’s ground-breaking Cybersecurity Law, we also increasingly serve our clients as an unrivalled resource on the absolute latest developments of China’s constantly evolving cybersecurity regime. As many aspects of this regulatory regime are still works in progress and subject to a cacophony of competing market voices and regulatory interpretations, such compliance advice often implicates entirely novel or cutting-edge legal issues, the successful navigation of which can only be achieved by means of an entrenched local presence and deep understanding of PRC regulatory logic. In serving as a legal vanguard on such matters, we leverage our firm’s extensive experience with China’s entire regulatory apparatus, focusing not only on written or officially announced laws and regulations, but also on the (usually more important) real-world practices and interpretive frameworks of relevant regulators.

In the face of considerable uncertainties, DaHui aims to provide sound, pragmatic and actionable legal advice, which can be relied on by our clients for achieving their goals in the China market. In fact, our robust expertise in this space informs practically all matters we handle, enabling us to identify and pre-empt data privacy and cybersecurity risks across the entire spectrum of our clients’ legal needs. As a result, our clients can operate confidently, without falling victim to the paralysis of uncertainty or becoming mired in reactive, after-the-fact compliance measures, but rather empowered to focus on growing their business and transforming their commercial goals into reality.

Our services in this area include:

• Advice on PRC legal implications and compliance of various data collection, processing, and sharing activities, including cross-border data transfers
• Formulation of user-facing and internal data/privacy policies and practices
• Assistance with “Multi-Level Protection Scheme” (MLPS) assessments and compliance for corresponding legal requirements
• Advice on measures in response to data breaches and other cybersecurity incidents
• Assistance with government procedures relating to data security matters, including cybersecurity review procedures, mandatory self-assessments for cross-border data transfers and various government data filings
• Conducting of due diligence on cybersecurity compliance of targets of M&A or investments and advice on possible risk mitigation measures
• Assistance with user and regulator inquiries or complaints, internal and government investigations and designing and implementing rectification measures