The primary challenge issued by the new Cybersecurity Law (CSL) is the data localization provision requiring the storage of all Chinese citizens’ personally identifying information (PII) in mainland China, and the accompanying sub-rules. 
If this is your dilemma, CDS has the solution. CDS can provide our Global Private Network (GPN) in and out of mainland China for fast, seamless data synchronization as well as Cloud hosting or storage options.  In addition, with CDS you get the expertise of a trusted mainland partner to help you securely navigate the rules and regulations of mainland China. See below for more information on the requirements of the CSL, or contact us for a free consultation.

Contact Us for a Free Consultation

We can provide compliance solutions!

The Foreign Company’s Guide
to Navigating China’s New Cybersecurity Law

The new Cybersecurity Law of China (CSL) took effect June 1 although implementation of some provisions has been delayed.  Many foreign companies are concerned about the effects the CSL will have on their ability to do business in Hong Kong and mainland China.

The first draft of the CSL was the 2015 National Security Law, in which the government outlined goals for protecting its “cyber sovereignty” and cyber security. The law was deliberately vague allowing room for the development of more specific regulations as needed. This leaves many businesses and analysts trying to understand the actual implications of the CSL. The main points of concern are:

  • Privacy and Intellectual Property
    The CSL requires certain businesses (primarily tech companies) operating in China provide information about their cybersecurity networks, equipment, and software to the government.
  • Citizen Data Rights and Protections
    The CSL includes measures includes data localization provisions requiring data storage of all Chinese citizens’ personally identifying information (PII) in mainland China, and enacts several sub-rules including a requirement that businesses must obtain the individuals’ consent before collecting, processing, and storing personal data. Citizens must also be able to easily correct or delete the data collected and be afforded the ability with to cancel their accounts or withdraw consent at any time.
  • Data Restrictions
    Companies are legally responsible for all information collected, regardless of how it was obtained. Data must be collected for a specific purpose and must be deleted upon completion. Information cannot be sold, and the accuracy of all information must be ensured. Any data transmitted outside of China by any entity must first be reviewed and approved.
  • Cybersecurity Measures
    Rules for securing the data of citizens are outlined as well as risk reporting guidelines around network services and products, incident contingency, network maintenance plans and government certifications or inspections of cyber security services and products to be sold in the country. All network transmissions must be monitored and “network security incidents” are required to be reported, and subsequent “technical support” is required. This support may result in authorities accessing internal or external communications, etc.
  • Individual Responsibilities
    Individuals using mobile phone SIM cards and online gamers must register under a real name and provide their true identities to Internet providers before publishing content, using instant messaging or accessing other services. Also, Internet providers are required to censor any information deemed ‘critical’ or ‘banned.’ Non-registered gamers cannot make in-game purchases. Baidu, China’s largest online search engine, now requires users to register their real identities to participate in online forums or purchase storage.

 

Grace Period for Foreign Businesses
To give foreign businesses time to make adjustments, the government has enacted a 19-month grace period before requiring their compliance.

The interpretation of the new CSL is still under debate. The implications for foreign companies can be far reaching and expensive. For most companies, data collection, storage, and maintenance will require costly restructuring of existing IT infrastructure. Some businesses are considering building new facilities to meet data localization requirements. Others are seeking assistance from companies native to mainland China.

Interpreting the new law should be approached with caution, as penalties may be stiff. Failing to adhere, can incur penalties of up to 10 times a business’s out-of-compliance gains. But the alternative – not doing business in China at all – could be far worse. Experts from AmChamChina, the American Chamber of Commerce in China, suggest the following:

  • Use AmCham China and other industry groups to stay current on the issuance of any revisions or the implementation of regulations by the CAC or other governmental bodies
  • Review your company’s procedures for the storage and exporting of personal data for compliance with the CSL. Remember to include any third party agencies that have access to the restricted data
  • Establish and practice protocols for unexpected visits from government authorities
  • Establish a team responsible for assuring the basic network security requirements of the CSL to prevent security breaches and to maintain network logs for a minimum of six months
  • Evaluate compliance with existing regulations governing network security
  • Consider working with a mainland partner who can offer guidance and advice

 

Mainland Experts
For any foreign company doing business in China can be challenging. The assistance of a mainland partner can be invaluable. An insider’s experience and knowledge can help prevent costly and time-consuming mistakes. When navigating the frequently changing rules and regulations, ensuring CSL compliance, or obtaining and ICP Registration Number, the right partner, can make all the difference. CDS fosters a strong working relationship with regulatory officials even providing a dedicated office for their use at our headquarters in Beijing.

CDS Global Cloud is a subsidiary of Capital Online Data Services headquartered in Beijing and the only publically traded network and data center provider in mainland China.  Established in 2005 Capital Online Data Services has over 50 data centers in mainland China and peers with all major carriers in China. No one provides better communications coverage in China than CDS.

Globally, CDS has an additional 16 data centers interconnected via Layer 2 fiber-optic cable forming a Global Private Network (GPN). Our GPN provides a significant advantage over all other providers as far as Internet access and connectivity from mainland China to the world. With the CDS GPN, data synchronization through the Great Firewall is fast, reliable, and secure – independent of the public Internet. There is no delay caused by traffic congestion at the GFW and zero packet loss. Data synchronization is seamless.

China is the fastest growing e-commerce market in the world. Don’t miss out on all that China offers. With CDS as a trusted partner, we can help you navigate the regulatory complexities of with no missteps and maximum return. CDS delivers fast, seamless data synchronization, a full range of Cloud services and both SSD and Object storage.

Questions?

We have answers and options!

Click here for a summary of China’s new Cybersecurity Law and Critical Information Infrastructure

Click here for a complete translation of China’s new Cybersecurity Law by the American Chamber of Commerce – China

CDS Solutions:

Premium Internet Routing (PIR)

Recommended for e-Commerce, Online Education, Market Testing, Gaming or Video Market Research

PIR is the solution for the customer who needs fast, secure connectivity to China, without hosting in China.  CDS PIR is the ideal way to test market response without a large commitment or time or money.

ICP Registration Number:   Not required

Recommended For: e-Commerce, Online Education, Gaming and Video Market Research

           

NetEx

Recommended for all industries

For international companies with one or more offices in China that require Internet access to sites blocked by the GFW such as Google, Facebook, Twitter, and Instagram.

ICP Registration Number:     Not Required 

 

V-IEPL

Recommended for International Enterprise, Developers – Gaming, Mobile, & App

V-IEPL is the answer for customers needing fast, secure, point-to-point connectivity to mainland China. Perfect for developers, V-IEPL requires local representation in China, but no ICP Registration Number. Like VPN, CDS’ V-IEPL offers fast, reliable connectivity from anywhere in the world to mainland China.

ICP Registration Number:    Not required
However, a local representative with a local address and a phone number is required.

 

Mirror Hosting

Recommended for e-Commerce and International Enterprise

When staying connected is critical; Mirror Hosting is the answer.  For the customer who needs both dynamic and static caching, Mirror Hosting provides a secure, reliable connection to mainland China with PLTs of <3 seconds. No redesign of websites, or loss of connectivity to 3rd party support systems such as CRMs and completely compatible with Google fonts and analytics.

ICP Registration Number:    Required
To apply for registration, each company must have a local representative with a local address and a phone number.

 

Contact Us for a Free Consultation

We can customize a solutions to your needs!

© 2016 CDS Global Cloud. All rights reserved. Site by JSL.