Strategies for Data Compliance in China Whitepaper

The Chinese Mainland offers substantial business opportunities for medium to large multinational corporations. It is the second largest economy in the world by nominal GDP and first by purchasing power parity. China’s GDP is larger than its next four competitors combined, grew at 5.2% in 2023—far faster than most other economies of its scale. Business cases are often made on total addressable market or on market growth, and China is a leader in both.

However, there are also business risks associated with the Chinese market—including data laws and regulations. The Cybersecurity Law was passed in 2017, followed by the Data Security Law and the Personal Information Protection Law in 2021. These laws significantly changed the nature of doing business in China. Regulatory conditions continue to become more nuanced and complex at an increasing speed, including semi-annual reviews by the Cyberspace Administration of China.

It is often complicated for multinationals to comply with these regulations promptly. Enterprise IT projects can be significantly longer than the semi-annual periods of regulatory updates. In that time, companies are expected to:

• Classify all data, even that which does not go to China, including the level of sensitivity

• Undergo a security assessment by the Cybersecurity Authority of China (depending on the scale of the operation)

• Build and obtain approval on many technical and resource items, including:

- Finding a legal approach to comply with Chinese regulations
- Communicating with local regulators
- Procuring software
- Staffing a local team to ensure local compliance regulations are met
- Establishing new services and configure the relevant apps
- Planning, testing, and executing a data and code migration
- Onboarding users

Corporations need to choose strategies that are resilient to regulatory change, enable growth in the China market, and allow business alignment between their Chinese Mainland operations and the rest of the world. There are steps and strategies corporations can take now to conduct business in China while protecting customer data and addressing regulatory and legal concerns.

Want to find out more?

To continue your discovery on how Deloitte can meet your data compliance needs , please visit our dedicated webpage.

Note: The Strategies for Data Compliance in China Whitepaper is appropriate for medium to large corporations with significant business or plans to expand in the Chinese mainland.