Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherBrowse by ChannelAbout the NetworkJoin the NetworkProductsSub-MenuProducts OverviewBlog ProBlog PlusBlog PremierMicrositeSyndication PortalsAbout UsContactSubscribeSupport
Book a Demo
Search
Close

Busting the Myth: Compliance with the ‘Gold Standard’ of the GDPR Does Not Buy You a ‘Free Pass’ Under China’s New Personal Information Guidelines

By Andrew McGinty, Mark Parsons, Jun Wei, Roy Zou, Sherry Gong, Jessie Xie & Maggie Shen on November 14, 2018
Email this postTweet this postLike this postShare this post on LinkedIn
GDPR new

On December 29, 2017, the Standardization Administration of China, jointly with the PRC General Administration of Quality Supervision, Inspection and Quarantine, issued the Information Security Technology – Personal Information Security Specification (GB/T 35273-2017, “Specification”), which officially came into effect on May 1, 2018.

Although the Specification is only a recommended (as opposed to a mandatory) national standard, we have in the months since its introduction seen regulatory authorities in China point to the Standard as providing a more granular and specific treatment of the generally-worded data protection requirements set out in the PRC Cyber Security Law that came into effect on June 1, 2017 (“Cyber Security Law”). The Specification has, in very practical terms, become an important point of reference in evaluating the complex overlay of data protection compliance requirements found in the Cyber Security Law, the Law on the Protection of Consumer Rights and Interests, the e-Commerce Law, and other enactments and measures.

Organizations are increasingly taking the Specification into account in assessing compliance requirements on the ground in China. Given the current tensions in international trade, demonstrations of strict compliance in sensitive areas of Chinese regulations are as important now as they have ever been. The introduction of the Specification also comes at a time when public awareness of data protection appears to be on the rise in China, with consumers more likely to demand that their rights in personal data be respected.

In order to place the Specification in context internationally, we have drawn important points of comparison to the EU’s General Data Protection Regulation, a frame of reference which can be especially useful to organizations who have completed their GDPR implementation programs and now wish to develop an appropriate program for China.

Originally published as a client alert on November 6, 2018. To view our complete analysis, click here.

Photo of Andrew McGinty Andrew McGinty
Read more about Andrew McGintyEmail
Photo of Mark Parsons Mark Parsons
Read more about Mark ParsonsEmail
Photo of Jun Wei Jun Wei
Read more about Jun WeiEmail
Photo of Roy Zou Roy Zou
Read more about Roy ZouEmail
  • Posted in:
    Featured Posts, Privacy & Data Security
  • Blog:
    HL Chronicle of Data Protection
  • Organization:
    Hogan Lovells

LexBlog, Inc. logo
Facebook LinkedIn Twitter RSS
Real Lawyers
99 Park Row
  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service
  • Products
  • Blog Pro
  • Blog Plus
  • Blog Premier
  • Microsite
  • Syndication Portals
  • LexBlog Community
  • Resource Center
  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center
  • Blogging 101

New to the Network

  • Tennessee Insurance Litigation Blog
  • Claims & Sustains
  • New Jersey Restraining Order Lawyers
  • New Jersey Gun Lawyers
  • Blog of Reason
Copyright © 2025, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo