Data export restrictions are now the norm in many Southeast Asian countries and obviously no less so in the EU. But China is clearly the leader in this domain. Its regime for cross-border data transfers is the most comprehensive and detailed, and only China has the administrative tools and capacity to effectively police compliance. The restrictions on cross-border data flows have the potential to cause increasing headaches and liability issues, particularly for multinational companies (MNCs) whose entire operating model often depends on a "seamless" integration of resources and data sharing.

On 22 March 2024, the Cyberspace Administration of China (CAC) finally issued the Provisions on Promoting and Regulating Cross-border Data Flows which were meant to simplify the data export compliance process and reduce some of the administrative burden. Yet, in practice, these rules do not appear to bring the relief that the community had hoped for.

The idea of the workshop is to provide a quick guide to the constantly expanding system of laws, regulations and national standards, often overlapping and sometimes contradictory. The main part of the workshop will be devoted to current administrative practice, the preparation required and potential strategies to answer the regulatory hurdles with a reasonable investment of time and money.

• Cybersecurity Law, Data Security Law, Personal Information Protection Law, MLPS, Security Assessment Provisions, Standard Contract Provisions – Understand the legal framework and what is relevant for your company.
• Identify the systems, operations and back-office functions involved in cross-border data flows: HR, customer relationship management, finance and controlling etc.
• Identifying personal information transfer scenarios, types of personal information, means and purposes of the overseas processing of personal information. Do you need to prove the "necessity" of providing personal information overseas?
• What are important data, state secrets and other protected information? Who has authority to define and classify them? How do the rules intersect with export controls.
• Learn how to run a data transfer compliance project by following the official guidance. Overview of the key components of data transfer compliance. Who should be on the project team? Timelines.
• How does the filing process work in practice?