What is China's new privacy law? Does truelogic comply?

What is China's new privacy law?

China's National Standards on Information Security Technology - Personal Information Security Specification GB/T 35273-2017 went info effect May 1, 2018.

Some of the highlights are:

  • It’s a voluntary framework, but sets out best practices that auditors would expect to see if auditing a company.
  • It entails having consent for the use of contacts’ data, and consent is for the purpose expressed. So if you want to do more with the data or change how you are using it, you need to get consent again. And if someone does not consent to the additional aspects, you cannot stop providing the original service for which they did consent.
  • You need to provide location details in the privacy notices, as well as details about how information is stored/processed.
  • There are a number of items required under “Security and deletion” for controllers.
  • A reference to international data transfers states that separate regulations and standards are expected to cover them.

Does truelogic comply?

Yes! In general terms, our practices are aligned with the regulations. Specifically as a part of these new regulations:

  • We need to ensure we are able to provide adequate security to the information you share with us (which we do).
  • We need to be able to erase anyone’s data that has been collected (which we can do upon request via privacy@truelogic.com).
  • We need to notify you of data breaches (which we would do).
  • We need to remain informed on any forthcoming regulations regarding transferring data out of China (which we will do as we do store data outside of China for the purposes of providing our services).
NOTE: Specific conditions apply, and this article is not a substitute for legal advice. We strongly recommend you seek your own legal counsel regarding any compliance issues for your organization.