Along with the development of big data and cloud computing, the speed of information transmission has become more and more prominent, and the difficulty of cyber security and personal information protection has also increased. The Cyber Security Law of the People’s Republic of China (hereinafter referred to as the “Cyber Security Law”) is the first basic law to comprehensively regulate the security management of cyberspace in mainland China. Since its implementation, it has had a profound impact on the cybersecurity systems of enterprises.
According to the main body regulated by the Cyber Security Law, almost all enterprises that “construct, operate, maintain and use the network” in China are covered. The term “enterprise” within the legislation does not distinguish between domestic and foreign enterprises, therefore, Chinese-funded enterprises and foreign-funded enterprise, as long as the enterprise “constructs, operates, maintains, and uses the network” in China, shall comply with the provisions of the Cyber Security Law . Taking a multinational enterprise that regularly processes and cross-border transmission of customer personal information as an example, it is necessary to pay attention to fulfilling compliance obligations related to the protection of personal information.
First of all, relevant multinational enterprises should clarify the definition of “personal information.” For example, the information of specific clients collected by enterprises for business development may be regarded as “personal information” as they can identify “specific individuals” from such data.
Secondly, enterprises should formulate a strict system of personal information collection and use. The means of obtaining, usage, and storage of clients’ personal information shall be considered by the enterprise. It is important to obtain the authorization of the information subject, especially, in situations where the transfer of user information is from China to overseas, the situation of the party receiving the information overseas should also be disclosed to the information subject in a timely manner.
It is recommended that relevant enterprises develop operational guidelines for the cross-border transmission of information and data, clarify the main responsibilities for the cross-border transmission of personal information, and strictly prohibit individuals who are not related to the business from contacting and transmitting personal information overseas in order to avoid possible legal risks.
Therefore, considering the above-mentioned scenario, we should suggest relevant investment enterprises to, while conducting cross-border investment business, take the provisions of personal information protection into account and understand the provisions of the Cyber Security Law in order to avoid potential compliance risks.
Provisions of the New Company Law on the Dismissal and Resignation of Directors China’s new Company Law, which will come into effect on July 1, 2024, creates the following systems for the dismissal and resignation of directors: first, the shareholders’ meeting may resolve to dismiss a director, but if a director is dismissed before the
The new Company Law was amended and passed on December 29, 2023, and will come into effect on July 1, 2024. The new law shortens the deadline for subscribed capital contributions, allowing companies to adjust their registered capital according to their operational conditions. This article starts by focusing on the key provisions of the new
On March 22, 2024, the Cyberspace Administration of China officially announced the Regulations on Facilitating and Regulating Cross-border Data Flow (“Regulations”) and took effect upon the date of announcement. According to the previous regulatory requirements for data outbound transfer, there are three main methods for data outbound transfer: security assessment, standard contract, and protection certification.
