China's new Cybersecurity Law ("new Law") is set to come into effect on June 1, 2017, and introduces sweeping provisions that may have a significant impact on companies doing business in and with China, including life sciences companies. To provide guidance on a controversial data localization requirement introduced in the new Law, the Cyberspace Administration of China released on April 11, 2017, draft Measures for Security Assessment of Outbound Transmission of Personal Information and Important Data ("draft Measures") for public comment. The draft Measures are sparking outcry from the international community, but are expected to come into force on June 1, 2017, largely unamended. The deadline for submissions is May 11, 2017, just three weeks before the new Law takes effect.
A Jones Day White Paper provides an overview of the new compliance obligations the new Law imposes and also takes a close look at the draft Measures giving guidance on the data localization requirements.
Companies should take careful note of this new privacy and cybersecurity landscape to ensure their business practices align with legal and regulatory requirements. The new Law and the draft Measures could substantially increase the costs for China-based companies that process China personal information and engage in cross-border transfers.