Data, Privacy & Cybersecurity


China has an increasingly complex legal framework of data and privacy protection rules and cybersecurity obligations, like other jurisdictions – but with Chinese characteristics. As one of the country’s few law firms with a primary focus on TMT industries, DaHui routinely assists both domestic and international clients in all aspects of their data handling matters related to China. We often help multinationals in structuring and implementing dependable data practices with respect to their China operations, perform data due diligence in M&A and investments, and assist with a wide range of data and privacy compliance matters faced by all types of companies doing business in China.

In addition, ever since the promulgation of China’s ground-breaking Cybersecurity Law, we also increasingly serve our clients as an unrivalled resource on the absolute latest developments of China’s constantly evolving cybersecurity regime. As many aspects of this regulatory regime are still works in progress and subject to a cacophony of competing market voices and regulatory interpretations, such compliance advice often implicates entirely novel or cutting-edge legal issues, the successful navigation of which can only be achieved by means of an entrenched local presence and deep understanding of PRC regulatory logic. In serving as a legal vanguard on such matters, we leverage our firm’s extensive experience with China’s entire regulatory apparatus, focusing not only on written or officially announced laws and regulations, but also on the (usually more important) real-world practices and interpretive frameworks of relevant regulators.

In the face of considerable uncertainties, DaHui aims to provide sound, pragmatic and actionable legal advice, which can be relied on by our clients for achieving their goals in the China market. In fact, our robust expertise in this space informs practically all matters we handle, enabling us to identify and pre-empt data privacy and cybersecurity risks across the entire spectrum of our clients’ legal needs. As a result, our clients can operate confidently, without falling victim to the paralysis of uncertainty or becoming mired in reactive, after-the-fact compliance measures, but rather empowered to focus on growing their business and transforming their commercial goals into reality.

Our services in this area include:

  • Advice on PRC legal implications and compliance of various data collection, processing, and sharing activities, including cross-border data transfers
  • Formulation of user-facing and internal data/privacy policies and practices
  • Assistance with “Multi-Level Protection Scheme” (MLPS) assessments and compliance for corresponding legal requirements
  • Advice on measures in response to data breaches and other cybersecurity incidents
  • Assistance with government procedures relating to data security matters, including cybersecurity review procedures, mandatory self-assessments for cross-border data transfers and various government data filings
  • Conducting of due diligence on cybersecurity compliance of targets of M&A or investments and advice on possible risk mitigation measures
  • Assistance with user and regulator inquiries or complaints, internal and government investigations and designing and implementing rectification measures

Relevant Experience


Advised Airbnb on data, privacy and cybersecurity compliance policies and ad hoc issues implicated by its local services, employment matters and other operations.


Advised CBS on local storage, cross-border transfer and other data and cybersecurity compliance issues from localizing one of its online systems.

China World Trade Center

Assisted China World Trade Center, the largest building complex of Beijing, in implementing cross-border data transfer compliance measures for using cloud-based office software.


Assisted Comcast on ensuring the cybersecurity and employment-related privacy compliance of using office CCTV and of other local operational activities involving collection of personal information.


Advised Elsevier on the full spectrum of data, privacy and cybersecurity regulatory aspects related to launching a suite of localized online information and analytics products and services.

Related News & Insights

Aug 9, 2023

Data Protection Laws in China: New Draft Measures Offer Clarity on Compliance Audits under the PIPL
Read Article

Jun 2, 2023

CAC Issues Guidelines on Standard Contract Filing for Outbound Cross-Border Transfers of Personal Information
Read Article

Apr 13, 2023

Doping, Disputes, Betting, and More: DaHui Authors China Sports Law Guide for Chambers 2023
Read Article

© DaHui Lawyers