Navigating Cross-Border Data Rules: A Practical Guide for EU SMEs

webinar| 21 May 2024

Sign up and benefit from our entire range of free services

If you sign up today you’ll be able to

  • Access to tailored advice through our Ask-the-Expert tool
  • A library of over 200 publications
  • Practical business tools
  • A network of trade promotion and business support partners
  • A comprehensive database of service providers with contact information

In this video, cross-border data regulation experts share insights on the business implications and the steps SMEs should take to adhere to the new “Regulations on Promoting and Regulating Cross-Border Data Flows”. Barbara Li, Partner at Reed Smith Beijing Office, and Tom Nunlist, Associate Director at Trivium China, explain the key provisions and changes brought by the new Regulations. Their keynote presentations are followed by a panel discussion during which they answer questions from the audience with Nathaniel Rushforth, Senior Data Security & Compliance Consultant Shanghai Office at Dezan Shira & Associates.

Video chapters

Introduction

– A few words on the EU SME Centre

Overview and Key Provisions of the New Regulations

– Barbara Li, Partner, Reed Smith Beijing Office

The Big Picture on Cross-Border Data Regulation

– Tom Nunlist, Associate Director, Trivium China

Panel discussion

– Experts Barbara Li, Tom Nunlist, and Nathaniel Rushforth answer questions from the audience

Background information

The Cyberspace Administration of China (CAC) has recently introduced the “Regulations on Promoting and Regulating Cross-Border Data Flows”, which came into effect on 22 March 2024, replacing previous regulations from 2022. These new Regulations bring about significant changes, such as relaxed timelines, reduced documentation requirements, and exemptions for data transfer, especially concerning employee data. They also provide more flexible thresholds for standard contracts and security assessments. Additionally, free trade zones now have the authority to create their own negative lists for data transfer activities.

Despite the perceived relaxation and clarity brought by the new Regulations, it is crucial to emphasise that stringent compliance requirements persist. Factors like cybersecurity, data security, and Personal Information Protection (PIP) rules are still strictly enforced, necessitating compliance efforts like data mapping, legal documentation, and privacy policies.

This video is the recording of a workshop organised by the EU SME Centre and European Union Chamber of Commerce in China in May 2024.

Speakers and panellists
Barbara Li
Partner, Reed Smith Beijing Office

Barbara is a seasoned partner based in Beijing with nearly thirty years of experience in senior legal roles at top international firms in Beijing and London. She also has a background in business consultancy services at PwC. Barbara specializes in advising international and Chinese companies on conducting business in China and globally, focusing on complex M&As, joint ventures, and foreign direct investment in various industries. She has a particular interest in the cyber, data, technology, and FinTech sectors, with expertise in navigating China’s evolving legal landscape. Barbara is recognized as a Certified Information Privacy Professional and is highly regarded in the Chinese market as an eminent data/tech lawyer. She has received numerous accolades and awards in the legal industry and is a sought-after speaker at international conferences. She served as the vice chair of the Cybersecurity Sub-Working Group and the Construction Working Group of the EU Chamber of Commerce in China for several years.

Tom Nunlist
Associate Director, Trivium China

Tom Nunlist is Associate Director at Trivium China, a leading Chinese policy research consultancy. Tom’s research focuses on the intersection of politics and technology in China, with a sub-specialty in the emerging area of data security and governance. Tom’s hands-on consulting work with fortune 100 clients covers policy analysis, risk assessment, government relations, and communications.

Nathaniel Rushforth
Senior Data Security & Compliance Consultant Shanghai Office, Dezan Shira & Associates

Nathaniel Rushforth is Dezan Shira & Associates’ Senior Data Security & Compliance Consultant, based in Shanghai. He holds a Juris Doctor and a Bachelor’s in computer science.

Prior to joining DSA, Nathaniel gained more than a decade of experience as a practicing lawyer, specializing in tech-related IP, cybersecurity, and China-related data compliance matters.

Nathaniel’s educational and practical background in computer engineering, software, and regulatory compliance allow him to engage with global companies to assess and solve compliance problems related to their businesses in China.

Sign up and benefit from our entire range of free services

If you sign up today you’ll be able to

  • Access to tailored advice through our Ask-the-Expert tool
  • A library of over 200 publications
  • Practical business tools
  • A network of trade promotion and business support partners
  • A comprehensive database of service providers with contact information