Foreign investors should transfer all personal and
transactional data out of China before the country introduces
its first cybersecurity law, according to advice given by a
panellist at IFLR Asia M&A Forum on 2 March.
The first cybersecurity law, which will come into force in
July, imposes an obligation on data processors to keep data
defined as personal as well as critical information onshore.
Critical information encompasses business information, such as
emails and chats, which PRC authorities will be able to access
based on the new regime.
Sandrine Virginie Hilaire, managing director at Mei Hua
Consultancy in Hong Kong, argued that while some rulings are
needed to see how the Chinese courts and authorities would
interpret the law, foreign investors should prepare themselves
"I would advise to transfer all data before implementation
of the law as it would be very difficult to transfer data