Sullivan Willoughby Provides Cybersecurity Law Advice to Multinational Corporations

The cybersecurity law imposes a series of new data security, privacy, and cross-border data transfer regulations on multinational businesses

Sullivan Willoughby, a leading international law firm that offers a full range of legal services, having a large scale, specialized expertise, standard management system, international presence, and a well-known brand, as well as an explicit shared values-based culture of client service and professionalism, is pleased to announce the effects of cybersecurity law awareness through an overview of the law’s essential standards as well as a road map for global corporations assessing their legal obligations and responsibilities.
The cybersecurity law’s main legal criteria are divided into three categories: data security; personal information protection; and cross-border data transfers. All network operators doing business locally must comply with fundamental regulations pertaining to these three categories, according to the law. The cybersecurity law defines network operators broadly to include network owners, administrators, and network service providers, which relates to nearly any company that runs an internal computer network.
The cybersecurity law prioritizes privacy protection and places restrictions on network operators in terms of data collection, usage, storage, and protection. It defines “personal information” broadly as any data that, alone or in combination with other data, identify an individual.
Despite the fact that earlier iterations of the cybersecurity law featured stringent data localization requirements, the final version of the law does not prevent network operators from sending data internationally. Instead, the cybersecurity law enables network operators to freely transfer data unless it contains personal information or critical data, in which case network operators must first complete a security self-assessment of the risk of data transmission to a foreign party.
“Employees must be adequately trained in order for a company’s cybersecurity system to function correctly. We recommend giving data security and privacy protection training to all employees in the region, as well as additional security training for key employees”, said Zhao Kimora, Senior Associate at


About Sullivan Willoughby serves clients across a wide range of complex transactional, litigation, and regulatory concerns. We are known for our expertise in the energy, financial services, real estate, retail, and consumer products industries, as well as our outstanding experience in distinct areas of practice, including privacy and cybersecurity, intellectual property, environmental, mergers and acquisitions. Our full-service litigation business is one of the largest in the region, with special expertise in key markets. Companies, individuals, governments, and institutions from all industries that make up today’s global economy are among our clientele. We bring together multi-disciplinary teams with substantial industrial, legal, and strategic planning expertise to develop customized solutions that address current challenges while minimizing future risks. 

Source link