Dealing with Third Parties

of between RMB 10 000 and 100,000 (EUR 1 300 to EUR 13
000). The directly responsible management personnel can
also be ned between RMB 5 000 and 50 000 (EUR 650 to
EUR 6500).
Critical information infrastructure (CII) operators
CII Operators have similar duties; however, observance of
these will be stricter and the required standards higher. For
example, as a CII operator, you must put in place emergency
response plans and train and evaluate your employees with
regard to network security. You must also have a disaster
and recovery plan including conducting backups of important
systems and databases. Further, it is mandatory to set up
specialized security management and appoint persons
responsible for it as well as conduct security background
checks on such persons.
Despite being mandatory, these measures could
be seen as guidance for IP protection. To protect
confidential information like trade secrets, you
must take protective measures to prevent the
information from being accessible to third parties. You
can demonstrate to the courts that you've taken
appropriate cybersecurity measures in case of a
cyberattack by complying with the CSL. For Network
Operators, following the minimum duties, for
example having anti-virus software in place,
should be enough; however, CII Operators need
to follow higher standards. Compliance with local
legal cyber security standards is sufficient for
enjoying legal trade secret protection in China.
Data privacy is an integral part of the CSL that all companies
doing business in China should pay attention to.
1. Denition of personal information
The CSL denes personal information as “all information
recorded via electronic or other means that can be used to
independently identify or be combined with other information
to identify natural persons’ personal information”. Examples
include natural persons’ names, date of birth, ID number,
biologically identied personal information, address and
phone number.
2. Obligations related to the protection of personal
The CSL determines how network operators must handle
personal information in every stage of data management,
from collection to storage.
Data collection
Personal information should be collected in compliance with
principles of legality, propriety and necessity. For example,
the information you collect should not be excessive –
meaning that you are forbidden to collect and store personal
data that are not strictly necessary given the purpose of the
data collection. You must obtain individuals’ consent when
collecting, using, disclosing and conducting cross-border
transfer of their personal information.
4. SMEs’ obligations related to data privacy
Compliance with Cyber Security Law and
its impact on IP protection
