China’s Cyber Data Security Rules can primarily be found in the following China laws:

• Cybersecurity Law (CSL)

• Data Security Law (DSL)

• Personal Information Protection Law (PIPL)

 

Although the CSL has been around since 2015, DSL and PIPL are each less than a year old, and have given rise to much concerns, particularly in relation to the impact they have upon movement of data (personal and otherwise). However CSL and DSL also relate to treatment of data onshore (within China).

 

In this talk I will review the data exit rules, and how to navigate them, as well as the security requirements for data held onshore. I will then offer my thoughts as to how the interplay between China and overseas data laws may develop over the coming years.