What should companies concerned with data protection in China do to operate securely while maintaining compliance with local law?
For companies operating in China, the security of sensitive corporate data is of utmost concern, just as it is anywhere in the world. The Cybersecurity Law of the People’s Republic of China was enacted in 2017 and raised more than a few North American eyebrows with its infamous Article 37, which states that data, including personal information, must be stored within China’s borders. Failure to comply can result in fines as well as the revocation of business licenses. To store your market insights safely, here are the top three steps you must take to ensure data protection in China and maintain the integrity and security of your data with minimal leakage.
Work with a service provider that doesn’t share data with third parties
Personal and sensitive data can be stored by third-party service providers that meet security protocols while also adhering to China’s regulatory restrictions. Amazon Web Services (AWS) is one example.
Make sure your cloud-based data is encrypted
It is possible to encrypt data in China just as it is in other regions of the world, with the understanding that in China, encryption falls within the purview of the Office of State Commercial Cryptography Administration (OSCCA). Only OSCCA-approved products are sanctioned for use in China, so make sure you report your encryption and receive proper clearance before you apply it.
China requires a license to import cryptography tools, so make sure you have one in place before using them.