Chemical firms have been operating in China as long as any
industry and have watched the business environment transform from
an unregulated Wild West to a regulatory environment that is not
all that dissimilar from that of the United States or Europe. With
this transformation, China operations now may face compliance
issues that would not have been relevant a decade ago.
Data privacy protection is one such issue. A patchwork of laws
currently governs data protection; a new, more comprehensive
statute is likely to be adopted next year.
Data Protection In China Today
China does not have a single national comprehensive law to
protect privacy and personal data. Instead, a number of different
laws regulate the disclosure and dissemination of individual data
including bank customer records, credit status, rating and history
data and tax data. Businesses involved in data collection and
processing need to be aware of the various applicable local and
national laws to incorporate appropriate possible safeguards for
personal data in China operations.
This current legal regime is cumbersome and insufficient in
light of the size and growth of China's economy. A new law
under consideration for the protection of personal data imposes
many obligations and restrictions on handling personal data that
can be found in the data privacy laws of other jurisdictions
including Hong Kong and the European Union. It regulates data
processors (governmental and nongovernmental) regarding their
collection and processing of personal data including the
international transfer of personal data outside China. Although
this law remains in the draft stage, its existence provides
guidance for developing a data protection program that could
accommodate a new PRC data protection law with minimal changes.
China will likely adopt some form of data protection law over
the next 12 to 18 months. The following guidelines can help your
business be prepared for data protection compliance in China:
Assess the types of personal data your company collects,
processes and transfers.
Inform individuals of your intent to collect their personal
data and the intended uses of the data.
Limit the use of personal data to those directly related to the
stated purpose of collection.
Make sure data are not kept longer than necessary.
Make sure appropriate security measures are in place to protect
collected and transferred data including data encryption and
confidentiality obligations for employees who handle personal
Appoint a data privacy officer to develop and manage your
personal data compliance program including individual requests to
access and correct data and to ensure adherence to applicable
Make efforts to integrate data protection throughout your
An inevitable consequence of development and industrial progress is generation of waste. Therefore, efficient waste management is a matter of international concern.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).