top of page
Abstract Structure

Cybersecurity & Data Protection

© Copyright

Our cybersecurity and data compliance group has been a pioneer and leader in China, boasting a wealth of experience in various fields, such as cybersecurity, privacy, and data protection. In addition to hands-on practice, our group has long been active in legislation and academic activities, most notably the research and drafting of the Cybersecurity Law, the Regulations on Protection of Critical Information Infrastructure (draft for comments), the Data Security Law (draft), and the Personal Information Protection Law (draft). By closely cooperating with data compliance experts worldwide, we can offer our clients one-stop services for global data compliance. Having handled a great number of mandates in this area, we have formed unique methodology for data compliance. Our extensive experience in precision marketing, face recognition, online payment, Internet of Vehicles (IoV), Internet of things (IoT), cloud computing, big data, artificial intelligence (AI), blockchain, etc. has equipped us with acumen to effectively combat challenges within complex legal and regulatory frameworks. Our clients operate in a variety of industry sectors, including finance, IT and internet, telecoms, mobile payment, intelligent connected vehicles, big data, life sciences and big health, media, energy, aviation, chemical industry, and manufacturing.

Scope of Services

Services include:

Data security and privacy protection

  • Establishment of enterprise data management system

  • Drafting and revision of privacy policies, corporate data management rules, response rules for requests from personal information subjects, data processing agreements, and other data related documents

  • Localization and cross-border transmission of data

  • Classified and tiered data management

  • Security assessment of cross-border data transmission

  • Impact assessment of personal information security

  • Data breach emergency response

Listing, investment, financing, and M&A relating to technology projects

  • Data compliance due diligence

  • Risk identification and solutions for pre-IPO data compliance

  • Support for response to pre-IPO regulatory inquiries

  • Support for negotiations on data trade


  • Establishment of cybersecurity compliance system

  • Cybersecurity multi-level protection scheme

  • Formulation of business cybersecurity rules

  • Cybersecurity incident response plan

  • Implementation of real-name system

  • Formulation of network products and services procurement rules

  • Designing of cybersecurity management measures

  • Cybersecurity compliance training

  • Handling of cybersecurity incidents

Protection of critical information infrastructure (CII)

  • CII identification

  • Designing of CII protection system

  • Equipment procurement and construction management of CII system

  • Designing of CII security personnel and accountability system

  • Cybersecurity review

Administrative investigation cases and prevention of criminal liabilities

  • Identification of criminal risks associated with cybersecurity and data protection and formulation of related compliance guides

  • Provision of solutions and participation in emergency response to regulatory investigations and inquiries into cybersecurity issues

  • Formulation of cybersecurity incident response plans

Big data and cloud computing

  • Compliance analysis and compliance model designing for cloud service models, such as PaaS, SaaS, IaaS, and BaaS

  • Compliance of procurement of cloud computing and big data products and services

  • Support for assessment of cybersecurity classified protection

  • Compliance analysis for new business models, products, and services in collection, use, aggregation, transfer, sharing, etc., of data

Internet finance (ITFIN) and e-commerce

  • Financial data compliance

  • Compliance analysis of cross-border transmission of financial data

  • Compliance governance of e-commerce platforms

  • Compliance of new-type e-commerce data

  • Compliance and protection of e-merchants

Autonomous driving, AI, IoV, and IoT

  • Counseling and compliance review for autonomous driving, IoT, and AI business

  • Internet map services

  • Data compliance framework designing

  • Market access of and comprehensive solutions for IoV and IoT

General Data Protection Regulation (GDPR) compliance

  • Analysis of GDPR application

  • Review of and assistance in drafting privacy policies for EU-related websites/products and terms and conditions applicable to EU consumers

  • Formulation of technical measures and organizational measures to protect the rights of data subjects

  • Analysis and design for transmission routes of cross-border data

  • Counseling on the appointment of data protection officers (DPOs) and EU representatives

  • Response to data breach incidents

  • GDPR training

bottom of page