China’s new cybersecurity law forbids citizens’ personal data to be stored outside China

China’s new cybersecurity law forbids citizens’ personal data to be stored outside China

UK firms running web services in China will not be able to store critical personal data of Chinese citizens on servers outside China, according to China's new cybersecurity law.

Businesses not complying with China's new cybersecurity law may face closure of their activities in China and their websites could be blacklisted.

The UK sees China as a major trading partner and the government believes that the country will give UK firms a fresh boost following the UK's exit from the European Union. During the unveiling of China's 'Belt and Road' initiative in Beijing earlier this year, Chancellor Philip Hammond said that Britain and China were 'natural trading partners' and that Britain would benefit immensely from China's new economic vision.

UK firms perform better than European ones in dealing with security incidents: IDC

However, China recently passed a new cybersecurity law which may put an enormous strain on UK firms conducting business in the country. The new law envisages that critical personal data of Chinese citizens cannot be stored outside China without express permission from the Chinese government.

The law is binding on international firms that run web services in China and these include network operators and critical information infrastructure operators. These operators run web services for various multinational firms who otherwise find it hard to run similar services due to firewall restrictions and language barriers in China.

According to The Information Age, China's new cybersecurity law can impact 'manufacturing, business services, tourism, media, online advertising, or gaming services' that run web services in China. Companies that host cloud-based services in China will also have to adhere to the new law.

US firm pays $115mn as data breach settlement; UK firms totalled £3.2mn last year

'If businesses do not comply with the new legislation, they risk having their Bei’An license revoked, and their website blocked. Every website in China requires a Bei’An license to operate, and re-acquiring the license can be very difficult. What’s more, a business’ website won’t be back up and running until the license has been re-acquired,' the website warned.

It adds that hosting web services outside China is also not a good idea as the great internet firewall of China causes long load times which make such attempts unviable. As such, adhering to the law will not only ensure their survival in China but will also make it easier for businesses to communicate with and to offer products and services to Chinese consumers.

Many UK firms and operators conducting business in China are not aware that they are affected by the new law, and many of them do not know how to ensure compliance. The sooner businesses are aware of the threat and take steps to ensure compliance, the better it will be for their future prospects in the second largest economy in the world.

Copyright Lyonsdown Limited 2021

Top Articles

It’s time to upgrade the supply chain attack rule book

How can infosec professionals critically reassess how they detect and quickly prevent inevitable supply chain attacks?

Driving eCommerce growth across Africa

Fraud prevention company Forter has partnered with payments technology provider Flutterwave to drive eCommerce growth across Africa and beyond.

Over 500,000 Huawei phones found infected with Joker malware

The Joker malware infiltrated over 500,000 Huawei phones via ten apps using which the malware communicates with a command and control server.

Related Articles