The pandemic may be fanning headwinds against the global economy, but China’s economic resilience has allowed the country to sail into it. We see this in its post-pandemic recovery: with China’s economy projected to grow by 8.5% in 2021—a 73% increase from its GDP growth of 2.3% in 20201.
This growth is no stroke of luck. China’s robust online ecosystem, with an entrepreneurial landscape that encourages innovation, has sustained the country through its darkest days. It’s no wonder why it is one of the world’s largest digital economies: China is home to nearly one billion internet users with ecommerce sales reaching US$1.7 trillion in 20202.
Western businesses are taking cues from China’s successes as they look to transform their own businesses. As the world’s attention turns towards the country’s digital opportunity, many foreign companies are looking to expand their footprint into the Chinese market.
But making this step will not be easy. The Regulatory Great Wall of China is notoriously difficult to overcome, a big part due to China’s laws and regulations on data localization.
For one, both domestic and foreign companies must keep data related to local customers and operations within the country. This is due to the Data Security Law (DSL) and Personal Information Protection Law (PIPL)—data laws that were enforced during the second half of 2021—built upon the groundwork of the Cybersecurity Law that was in place since 2017. This is a push towards greater data security, pointing to China’s plans for implementing broader, yet more stringent regulations, alongside heftier penalties.
Then there are complications for businesses outside of China. Take the DSL as an example. The DSL is about restricting invasive data collection. Under it, companies need to deliver higher protection for important data and core state data. But these are still being defined: it may even differ across local provinces and governments.
On the other hand, the complexity of complying with the PIPL—which contains provisions that require companies to submit any cross-border data transfers to the Cyberspace Administration of China for assessment—stems from lack of clarity.
One such instance is the unclear parameters for government approvals of cross-border data transfers and hazier details when fulfilling pre-conditions for processing personal data. Language barriers play a significant part of the problem. Complying with massive regulatory requirements can be tough if you don’t understand these Chinese laws, especially since many are not translated to English. It gets even more complicated than it should, given how opaque law enforcement can be.
Failure to comply despite your best efforts may spell fines of up to 50 million yuan (approximately US$8 million), with the possibility of suspension, revocation of business licenses, and even jail time. Walmart recently received a stern warning for violating the Cybersecurity Law when 19 cybersecurity loopholes were discovered in its network.
Navigating China’s labyrinthine regulations is a hefty undertaking. It is essential to approach it with a keen understanding of local market and cultural nuances. More than just a deep understanding of the regulatory requirements, they will also have to comprehend the full breadth of China’s technology, language, culture, and customs. Some questions they need to address are:
Even existing China-based MNCs may be blindsided by such changes. One of the largest Dutch materials handling companies[IN1] , despite operating in China for many years, was unaware of the new regulatory shifts. It was only alerted to the laws when its partner, QTS Global, contacted them as part of its education programme to ensure MNCs in China are meeting these regulatory requirements.
The Dutch company saw the urgency in complying with the new regulatory requirements especially for its regional sites. With QTS Global, it quickly reviewed the implications of DSL, PIPL, and the Cybersecurity Law through an internal review of its data processing and storage methods. As a result, the Dutch materials handling company was able to stay ahead of the regulatory changes in China.
This shows just how critical it is to have a guide with up-to-date information of China’s rigorous data governance standards to help manoeuvre an organization towards success, especially amid stringent travel restrictions and guidelines.
Such a partner should have deep roots in Asia Pacific so it can confidently deliver consultancy services. IT consultancy firms with IT experts on the ground in China are ideal; for businesses looking to secure their operations and expand their presence in the Chinese market, such partners can help bridge the market and cultural gap between headquarters and their regional teams.
China poses significant growth opportunities, but only for those who dare scale the Regulatory Great Wall. It may seem like a daunting and complex undertaking to break into the market but the right partner with deep local expertise and global experience by your side can go a long way to unlocking the country’s potential.
Learn how business can address China’s new regulatory requirements here.
1 The World Bank, “The World Bank in China”, https://www.worldbank.org/en/country/china/overview#1
2 McKinsey & Company, “The Future of Digital Innovation in China: Megatrends Shaping One of the World’s Fastest Evolving Digital Ecosystems”, https://www.mckinsey.com/featured-insights/china/the-future-of-digital-innovation-in-china-megatrends-shaping-one-of-the-worlds-fastest-evolving-digital-ecosystems