Translator：Jiang Wenyu

At the invitation of Shanghai Qijia Network Information Science&Technology Co.,Ltd. ("Qijia Network", H.K1739), a well-known domestic home decoration Internet enterprise, Mr. Ding Xueming, a senior partner of Shanghai Landing Law Offices, who focuses on the protection of personal information and data compliance, gave a training on the protection of personal information for Qijia Network in the afternoon of December 21, 2021. More than 20 key personnel from Qijia Network, including senior vice presidents in charge of business, technology, and legal affairs, participated in the training. Xiao Chaowen, a senior partner at Landing Law Offices and Qijia Network 's Perennial Legal Adviser, also attended the training session.

Lawyer Ding Xueming has been deeply involved in the field of network security and data compliance for many years. He specializes in providing legal services related to data compliance and litigation under laws such as the Cybersecurity Law, Data Security Law, and Personal Information Protection Law. He has provided data compliance services to multiple Internet companies, e-commerce companies, and cross-border logistics companies, and has extensive practical experience in data security and data compliance. In this training session, Lawyer Ding Xueming introduced the legal system and background of data compliance in China, analyzed the legal requirements for data compliance, and provided suggestions for establishing a data compliance framework for enterprises.

This year, with the introduction of laws, regulations and rules related to data security and personal information protection, such as the Data Security Law, the Personal Information Protection Law, and the Regulations on the Security Protection of Critical Information Infrastructure, various systems in the field of cybersecurity have been gradually established and increasingly improved, and therefore 2021 is also known as the "Year of Cybersecurity Governance". Therefore, 2021 is also known as the "Year of Cybersecurity Governance", and the importance China attaches to cybersecurity can be seen. Against this backdrop, it is particularly necessary to raise enterprises' awareness of data compliance through training, and to help them better understand the new regulations, interpret the new policies, and cope with future challenges.

During the training, Mr. Ding introduced the legislative process and regulatory system of China's network compliance, and discussed the necessity of data compliance from the perspectives of network security and data law enforcement focus, common law enforcement triggering situations, and penalties. Combined with the special characteristics of Qijia Network's e-commerce enterprises, he made targeted analysis on the basic rules of data processing, especially the page design of the privacy policy, and introduced cases of non-compliance with the collection of personal information and the illegal use of data, to enhance the enterprises' attention to the protection of personal information, as well as put forward reasonable suggestions on the response and treatment methods in the event of a personal information security incident. In terms of building an enterprise data compliance framework, Lawyer Ding believed that companies should establish a data compliance system. In terms of technology, companies should establish a product development and design concept that prioritizes data compliance. In terms of internal institutional construction, companies should establish a data compliance department to achieve tripartite collaboration between the legal department, technology department, and external lawyers. Regular compliance training should be conducted, and emergency plans should be formulated to respond to sudden personal information security incidents. It is also important to maintain necessary communication and exchanges with regulatory authorities.

At the end of the training, Mr. Ding had a lively discussion on data compliance with the participants, and the training was a great success.