Information and data have become priceless in this globalized and dynamic world. However, technology is rarely as simple as it seems. Working with and managing data is sensitive and requires more than discretion. As such, governments have elaborate data laws, such as the PIPL or the Chinese Personal Information Protection Law.
With data moving across borders, ensuring that your work is legally sound is burdensome. Moreover, laws are subject to change, and the legal scenario is in constant motion. Hence, staying up to date with data law and information security is crucial for companies, but receiving updates is far from easy.
What Is Data Law?
Many businesses are service-oriented, and they collect and manage user information. With targeted marketing and optimization algorithms, such data is priceless; however, the use and security of this data concern users. As such, governments and states enact laws that determine how parties should collect data, what data they can procure, and to what extent parties are responsible. Failure to comply with these data laws often results in fines, lawsuits, and prohibition of service provision in some cases!
How Do Companies Keep Up With Data Laws?
In-House Lawyers
Attorneys usually keep up with legal developments and inform companies of drastic legal changes that may require changes in data management. Having in-house legal assistance ensures regular communication and closer working between service and law.
Outsourcing Legal Matters
Some companies prefer to outsource legal advice. While such a decision can apply more pressure on legal teams to remain on top of matters, and it mitigates damage resulting from negligence, it is less safe. Even though the alternate legal company could bear the responsibility towards the service provider, the providers manage heavier obligations towards their users.
Newsletters
Numerous sources provide newsletters focusing solely on data law, security, and management updates. Such newsletters are incredibly informative and help companies keep up with the dynamic data scenario.
What Is PIPL?
Almost all international companies deal with the Chinese Personal Information Protection Law. The global hotspot has numerous domestic companies and other Chinese subsidiaries set up by multinational corporations.
This law covers all aspects of data collection, processing, and storage. Moreover, it mandates that companies abide by them, and services failing to do so may face suspension.
Officers
Every business undertaking personal information collection needs to appoint a specific data protection officer who manages or oversees every aspect of data collection, processing, and security. This personal information officer is similar to a Data Protection Officer (DPO) for personal information. So, foreign businesses must set up representatives via agencies in China for the same since not doing so can leave them open to more risks.
Processing
Collected data is subject to a few rules while looking at overseas processing. Once authorities deem any information critical to national security, companies must ensure local storage. Such information cannot leave the country. Moreover, only Critical Information Operators must oversee these applications.
Security
Data security has become increasingly crucial at present. With numerous hackers and entities seeking to make a profit at someone else’s expense, users entrust companies with data that should be secure. And PIPL mandates that companies have an optimal data security system for personal information.
China also possesses a Multi-Level Protection System to determine government involvement. They assess the impact in the case of a cybersecurity incident and classify businesses into Levels 1-5, 1 being the lowest, while Level 5 solely comprises state military institutions. So, before starting applications in China, countries must prepare for these evaluations as they determine operating functions for the team and the organization.
