How will China's GDPR-like Cybersecurity Law impact business?

China’s new Cybersecurity Law (CSL) may overlap with GDPR, but could still deliver the opposite effect from the intended one

China’s new Cybersecurity Law (CSL) might have been a long-time coming, but it’s all set to have a major impact on the way foreign firms do business in the Middle Kingdom. This being China, however, nothing is quite as it first appears. A law ostensibly created to bring China into line with global best practices on cybersecurity could end up having the opposite effect if the government decides to ask for IP, source code and other details as part of ‘national security’ spot-checks.

It could even run the risk of many such firms being shunned in the West and raise concerns that Chinese agents are stockpiling exploits in their products and systems.


Improving security standards

The Cyberspace Security Law of the People's Republic of China, to give it its full title, finally came into force in June this year. On paper, it contains some important best practice provisions for “network operators” to prevent data leaks and breaches and any damage or unauthorised access. These are neatly summarised by the China Law Blog as:

  • Appoint dedicated network security personnel and develop internal security management systems/policies
  • Adopt measures to prevent computer viruses, cyber-attacks, network intrusions etc.
  • Set-up network logs and ensure you retain them for at least six months
  • Classify, back up and encrypt important data

There are also some important new stipulations designed to protect consumer data, some of which overlap with the new EU GDPR:

To continue reading this article register now