Translator：Zhang Xiaotong

On September 1st, the "Data Export Security Assessment Measures" will mark its first year of formal implementation.

After a year of regulatory law enforcement exploration and the successive implementation of new rules such as the "Standard Contract Measures for Personal Information Export", corporate and enterprise data exports are facing increasingly specific compliance supervision. Violators will be subject to administrative penalties or legal liabilities.

For various situations, China's compliance pathways for data export have formed three types: Data Export Security Assessment, Personal Information Protection Certification, and Record-filing of Standard Contracts for Personal Information Export.

Pathway to Data Export Compliance

For entities involved in data export activities, especially foreign-funded enterprises in China, and businesses in fields such as airlines, e-commerce, infrastructure, energy, and manufacturing that operate overseas, actively conducting risk self-assessment and reporting for data export is a legal obligation. However, the actual operation process is fraught with challenges.

From risk self-assessment to reporting, it is not an easy-to-complete systematic task. It involves sorting out businesses, coordinating with multiple departments, in-depth research into relevant regulations and standards, reserving network and data security technologies, accumulating experience in regulatory liaising, and so forth.

Relying solely on an in-house team or a single capability service provider can hardly support the entire project. This often leads to issues like unclear business sorting, incomplete data asset identification, misalignment in export links, insufficient explanations on the necessity and legitimacy of data export, and inadequate data protection capabilities to meet regulatory requirements.

According to public data, only a dozen or so companies have passed the assessment review of the State Internet Information Office, with an approval rate of about 1%. The low pass rate may be due to the fact that law enforcement practices are still being explored, but it also reflects the strictness of the approval process.

To address the challenges faced by enterprises in complying with data export safety regulations, Shanghai Landing Law Offices has teamed up with Wangsu Security. Together, they have formed a seasoned legal consulting + data security technical support team. By integrating a unified data export compliance governance tool, they offer a one-stop solution for data export compliance, helping corporations and businesses to systematically carry out data export reporting activities.