中国-新加坡联合数据合规指引：实务手册

Practical Handbook Disclaimer Important Notice: This document is provided solely as a general informationalguide and does not constitute legal or other professional advice. In the event ofany conflict or inconsistency between the Chinese and English versions, theChinese text shall prevail for the China Chapter, and the English text shall prevailfor the Singapore Chapter. China-Singapore Joint Data Compliance Guide: Practical Handbook(hereinafter, the“Guide”) are a non-profit collaborative project jointly led by the Shenzhen DataExchange and the Asian Business Law Institute (ABLI), and prepared with the supportof volunteer expert contributors. The purpose of theGuide is to provide generalreference information and guidance for individuals and organizations engaged inbusiness activities in China and Singapore, or otherwise interested in data complianceand protection. The contents of theGuide are based on publicly available information and thecontributors’ understanding of the relevant laws and regulations as of the date ofpublication. The editors and contributors have made reasonable efforts to ensure theaccuracy,completeness,and timeliness of the information contained herein.Nevertheless, laws and regulations in the field of data privacy and compliance arecomplex, subject to frequent change, and open to varying interpretations. Accordingly,theGuidemay not cover all relevant details and may not fully reflect the most recentlegal developments, regulatory requirements, or practical changes. TheGuidedo not constitute, and should not be relied upon as, legal, accounting,investment, or other professional advice of any kind. The information herein is not asubstitute for professional tax, accounting, legal, or other advice tailored to specificcircumstances. Readers should consult qualified professional advisers and providethem with all relevant facts before making any decision or taking any action related todata compliance. The editors and contributors make no express or implied representations or warranties as to the completeness, accuracy, or timeliness of the information contained in theGuide, including, without limitation, any warranties of functionality, merchantability, orfitness for a particular purpose. The editors and contributors disclaim any liability forerrors or omissions, or for any actions taken or not taken, or any consequencesarisingfrom reliance on any part of theGuide. The use of theGuideis subject to the following conditions: •TheGuideare provided solely for informational reference and shall not be usedfor any commercial purpose.•Any reproduction or dissemination of theGuide, in whole or in part, must clearlyindicate the source and acknowledge the non-profit collaborative nature of theproject.•The editors reserve the right to amend, update, or withdraw theGuideat anytime without prior notice.•By accessing, reading, or using theGuide, you acknowledge that you haveread, understood, and agreed to all terms of this Disclaimer. China Chapter Foreword In today's world, the digital economy is flourishing, and data has become the coreengine driving economic growth and social progress. Consequently, the cross-borderflow of data is now an established trend. Building upon the development of the"International Data Hub" and the China-Singapore (Shenzhen) Smart City Initiative,both nations have achieved significant outcomes in areas such as data export and themutualrecognition of digital identities.The entry into force of the RegionalComprehensive Economic Partnership (RCEP) in 2023 and the establishment of theChina-Singapore Digital Policy Dialogue mechanism have further accelerated digitaltrade and data cooperation between the two countries. However, while facilitatingbusiness operations, the cross-border flow of data also presents challenges related topersonal information protection, the disclosure of commercial secrets, and risks tonational security. 3/196China has established a scientific and efficient regulatory system centered on theCybersecurity Law of the People's Republic of China, the Data Security Law of thePeople's Republic of China, and the Personal Information Protection Law of thePeople's Republic of China, complemented by regulations such as the Provisions onPromotingand Regulating Cross-Border Data Flow.Singapore,meanwhile,hassolidified its position as an Asia-Pacific data hub based on its Personal Data ProtectionAct. The legal systems of the two countries feature both synergies and differences,placinghigher compliance demands on enterprises.To properly manage thecompliance risks associated with cross-border data flows for businesses expandingoverseas, Shenzhen is further advancing the spirit of the Implementation Plan for theComprehensive Pilot Reform of Shenzhen as a Pilot Demonstration Area for Socialismwith Chinese Characteristics (2020-2025). The city is exploring efficient, convenient,and secure mechanisms for cross-borderdata flow by building a "1231" service system(one act