China’s new cyber law could impede data transfers

Author: Brian Yap | Published: 22 Mar 2017

Foreign investors should transfer all personal and transactional data out of China before the country introduces its first cybersecurity law, according to advice given by a panellist at IFLR Asia M&A Forum on 2 March.

The first cybersecurity law, which will come into force in July, imposes an obligation on data processors to keep data defined as personal as well as critical information onshore. Critical information encompasses business information, such as emails and chats, which PRC authorities will be able to access based on the new regime.

Sandrine Virginie Hilaire, managing director at Mei Hua Consultancy in Hong Kong, argued that while some rulings are needed to see how the Chinese courts and authorities would interpret the law, foreign investors should prepare themselves for it.

"I would advise to transfer all data before implementation of the law as it would be very difficult to transfer data collected and...