PRC Cyber Security Legal Advisory
PRC Cyber Security Law compliance requires cooperation of lawyers, IT specialists and data experts. Accordingly, we can offer a one-stop service which is critical for your success.
In the majority of projects we develop a multi-phased framework consisting of the following:
Pre-assessment Preparation - Assisting the employees of your company to understand the regulatory requirements for cross-border data transmission and identify the cross-border data transmitting scenarios performed as:
• Cyber Security Law awareness program and training
• Cross-border data transmitting scenarios identification
Legal Assessment - Providing legal analysis regarding whether your company is CII and the data to be transferred contains personal information or important data and assess on the purpose of the data transmission.
• Critical Information Infrastructure (“CII” assessment
• Data assessment
• Purpose of data transmission assessment
Compliance Assessment – Providing logical assessment to company’s compliance capability and current control activities and evaluate the gap in risk-based perspective.
• Compliance capability and activities assessment
• Gap assessment
Action Plan - Developing action plans on the various actions needed in order to be not only complaint but also implementing sustainable improvement plans to ensure practical and defensible security controls and activities.
• Action plan
• Improvement plan
Implementation - Provide consulting service and assistance during the implementation of action plan. Such as:
• Respond to your questions on ad hoc basis
• Drafting and updating documentation including policies, notices and contract terms to comply with the personal information protection provisions.
• Developing frameworks, strategy, guidelines, controls, and procedures to review and maintain on-going compliance.