Five steps Chinese companies should take towards GDPR compliance

Chinese companies with operations in Europe have been asking themselves: "Are we ready for the EU's new General Data Protection Regulation (GDPR)?"

GDPR, which comes into effect this Friday (25 May), is widely recognized as the most stringent regulation of its kind in the world. It is a comprehensive framework which aligns different data protection regulations across the EU, promotes individuals' greater control over their personal data, and aims to improve data controllers' compliance through monetary and reputational measures.

According to Deloitte China National Leader of Cyber Risk Services Tonny Xue, GDPR will impact many areas of Chinese companies operations and investments in Europe, especially their legal and compliance, technology and data policies.

"Privacy strategies, resourcing, and organizational controls will need to be revised, and boardrooms will need to be engaged more than ever," Xue explains. "How companies use technology for information security and other compliance initiatives will need to be reconsidered, with costs potentially rising. And, although information management has always supported privacy initiatives, GDPR requires new activities linked specifically to compliance demands."

Deloitte recommends five steps to prepare for the impact of GDPR:

  1. Readiness assessment: Render a clear picture of where your organization stands with respect to GDPR and develop a roadmap to improve compliance.
  2. Tailored transformation: Use the readiness assessment to ensure optimal preparation for GDPR.
  3. Data processing inventory: Gain an overview of all data and insights into the risks attached to data processing.
  4. Data protection impact assessment: Ensure new projects and initiatives abide by GDPR privacy requirements.
  5. Third party data policy: Establish a policy for dealings with third parties to minimize the risks of data breach or non-compliance with GDPR.

Deloitte is recognized as a leader in privacy and security with 12,000 IT risk consultants and 3,000 security professionals worldwide. Its European Privacy Academy consists of more than 500 IAPP certified individuals dedicated to EU privacy protection compliance.

Deloitte China is committed to helping companies comply with data protection regulations. It has established a dedicated team with comprehensive expertise in leading privacy programs for large, complex organizations. In a recent GDPR implementation for a leading e-commerce company, the Deloitte China Cyber Service team assisted in establishing and perfecting a privacy protection framework for the client's global operations.

Did you find this useful?