Day two at PrivSec Global began with an exploration of China’s Data Security Law and its implications for global business.

Led by talk host, Yasmin Hinds, Global Privacy Lead and Legal Counsel at Pontoon Solutions, a panel of experts dissected the new law and assessed the risk of overseas businesses incurring fines and even having trading permits revoked as the Chinese government implements its new standards.

Wenxun (Wendy) Pang, Data Security and Privacy Protection Expert, underlined how Chinese regulators will be able to take action, such as issuing fines which could reach up to 1 million CNY (£113,372.80 GBP). Those responsible for violations may even face personal and criminal liabilities, even a jail term.

Commenting on the broader picture, Virat Patel, Managing Director, Pioneer Consulting Asia-Pacific, said:

“I think that we’re at an early development stage of this law. A lot of markets in Asia take the lead from China in regards to digital services. Given that what’s at least known, it seems the sanctions are big and the personal liabilities are huge. Aside from spooking the markets, there’s a broader question how it’s going to stifle businesses and entrepreneurs.

“With all the uncertainty there is, right now, there is a lot of unease amongst digital service companies,” Virat added. 

Dr Rogier Creemers, Assistant Professor in the Law and Governance of China at Leiden University, underlined how the developments are not about creating “a fundamental right to privacy, although they may help entrepreneurs to “create better systems.”

Rogier said:

“On the lack of detail in the law, it is vague it lacks detail however it does not exist within a vacuum. China is a much more admistration driven system. The cyberspace administration of china is very likely to come out with implementations in the next 3 years with more detail.”

Describing China’s efforts to improve security, Wendy said:

“I think it’s a great signal for progress. China does care about data protection and privacy, so I’m excited for the Chinese data industry.

Commenting on what China’s law means, Virat said:

“Most of the world takes lead from the EU with GDPR. The EU was ahead of everyone else and got organised. When we look at other jurisdictions, the US has a different scheme in place and nowhere near where GDPR is.”

Singapore is a tiny market but gets noticed in Asia because of the city state’s digital lead. Another big market is India; they seem to be at the start of their data protection and privacy laws. It’s a kaleidoscope of regulation in this space. 

“I’m hoping that with this clarity that you get from China, hopefully it will have a stimulating effect rather than setting businesses back but in the near-term there seems to be a lot of uncertainty.”

Rogier said:

“If you’re a foreign company and you don’t have a lot of knowledge, hire consultants, get good advice. We don’t have all the details yet but we have all the principles.”

“Demonstrate yourself to be a good corporate citizen. If you are a good corporate citizen you shouldn’t be in too much trouble but you should be watching developments like a hawk within other sectoral associations.”


Missed a session? No problem - all sessions will be available on demand on