2019 is the year of Data Compliance. Compliance system to Multinational Corporations is the immune system. What common issue Multinational Corporations have been, are and will be confronted with is the world’s increasingly-tense regulatory environment and an ever-changing weather of international economy and politics. It is obviously seen with the high frequency of Cyber & Data Legislative actions with the trend: On June 1, 2017, The First Comprehensive Cyber Security Law of the People’s Republic of China officially came into force; On May 25, 2018, the ever-strict GDPR came into force; Right after GDPR, American CAPP publicized and takes effect on January 1, 2020. On January 1, 2019, “Notice on the special governance of the collection and use of personal information by App in violation of laws and regulations” was jointly issued by CAC, Ministry of Industry and Information Technology, Ministry of Public Security, State Administration for Market Regulation. On May 13, 2019, MLPS 2.0 was officially released and to be implemented officially on December 1, 2019; April the 17th, 2019, GDPR, Regulation (EU) 2019/881 OF THE EUROPEAN PARLLAMENT; On 2019 May 28, CAC Issues Administrative Measures for Data Security (Draft for Comments); In a time of 5G, what could be the new challenges on privacy compliance and data compliance and how we should prepare for it. 2019 June 3rd, The Cyberspace
Association of Certified Fraud Examiners (ACFE), founded in 1988 by preeminent fraud expert and author, Dr. Joseph T. Wells, CFE, CPA., with its headquarter in Austin, Texas, The ACFE is the world's largest anti-fraud organization and premier provider of anti-fraud training and education. Together with more than 85,000 members, the ACFE is reducing business fraud world-wide and inspiring public confidence in the integrity and objectivity within the profession. ACFE’ China’s General Chapter is in Beijing, other Chapters include Shanghai, Guangzhou, Shenzhen, Hong Kong.
Prime Vest HJ is affiliated to International Institute of Professional Development Ltd(acknowledged by Hong Kong Government with HKTDC’s CEPA Certification). With the headquarter in Shenzhen founded in 2014 and after 14 years of development Prime Vest HJ has set up in multiple offices domestics and abroad as in Beijing, Shanghai,Guangzhou,Shenzhen,Singapore, Hong Kong, Los Angeles, Europe.
8:30 am – 9:00am
2 Years-Latest Regulatory Developments & Guidelines of China Cyber Security Law: Implications for Businesses
· Recently released clarifications, provisions and obligations
· Lessons learned and pitfalls to avoid from recent enforcement cases
· Suggestions of complying with new requirements taken in order
· Knowing the regulatory enforcement structure: Ministries, Government Bodies, Authorities
· Upcoming drafts and standards to expect from the regulators
· Proactive measures businesses can adopt to prepare for pending update
Keynote Speaker：International Leading Law Firm
9:00am - 9:30am
MLPS 2.0: Insights and Compliance Strategies + Outbound Personal Information Security Evaluation
· Governance and Strategies
· Cyber Defense
· Cyber Response
· Compliance of Personal Information under GDPR and China Data Laws
· Common Scenes
· Agreement on cross-border Personal Information Transfer
Keynote Speaker：Leading Service Provider
9:30am - 10:10am
Panel Discussion: Complying with the Regulations of Cross-Border Data Transfer and Data Localization
· How do we companies sort out our data?
· Which data to collect and retain?
· Identifying which data is for cross-border transfer
· Ensuring the compliant data transfers with eligible coordinated procedures
· How do we do security self-assessment
· What should we prepare for On-Site Official Inspection Search
Microsoft, Cloud Security/Privacy Lead
China Eastern Airlines,DPO
GE，Chief Compliance officer of Power China
Moderator: Managing Partner of Leading Law Firm
10:10am – 10:30am
Tea Break & Networking
10:30am – 11:10am
Due Diligence to third party in compliance of data protection and managing the 3rd party (relying solely on items of contract won’t guarantee 100% liability-free)
Keynote Speaker：International Leading Law Firm
11:10am – 11:50am
Data Localization and Cross-border Data Transfer – Latest Development, Questions and Practical Approach
1.Recent development on legislation of data localization and cross-border data transfer
2.Difficult situations in practice and questions raised
3.Regulatory enforcement actions and trend
4.Proactive measures businesses can adopt to prepare for pending updates
Keynote Speaker：Xiao Dong A partner of the JunHe Law Firm in Beijing
11:50am – 12:10am
Prevention and Investigation of Data Leakage & White Collar Crime
Keynote Speaker：FBI/International Expert for White Collar
12:10pm – 01:30pm
01:30pm – 02:10pm
Panel Discussion: Under the China Cyber Security Law and GDPR, How to Legally Collect, Store & Transfer “Personal Information” & “Important Data”
The identifying of “Personal Information” vs “Important Data” Avoiding duplication of complying effort
How to lawfully collect and obtain consent on “Personal Information” and “Important Data”
When is the transfer of personal data and important data allowed and when is it prohibited?
Existing data localization provisions in sectoral regulations for specific industries and its impact
Ensuring compliance with VPN and encryption regulations CIIO or Network Operator? How to define your organization accordingly
IBM, Security Compliance Officer
L'Oréal China, Data Privacy Officer
Amazon, Sr. Compliance Manager
Novartis, Head of Dara Privacy China
Alipay , Director of Legal
Moderator：Partner of Leading Law Firm
02:10pm – 02:40pm
Clearing the Next Compliance Hurdle: California’s Consumer Privacy Act (CCPA)
Using the EU’s GDPR as a point of reference, Bob will provide an overview of California’s newest consumer privacy regulation, the CCPA. This will include: Basic structure of the CCPA
Key differences between CCPA and GDPR
Consumer class actions a near certainty for reported breaches
CCPA dramatically changes the calculus for reporting “incidents”
Speaker: Robert E. (Bob) Cattanach
02:40pm – 03:00pm
Anti-Data Leakage Investigation
Keynote Speaker：Discovery scientist
03:00pm – 03:10pm
Tea Break &Networking
03:10pm – 03:40pm
Human Genetic Resources Management Regulations
Keynote Speaker：Leading Law firm
03:40pm – 04:10pm
Cloud Computing Services Security Assessment Measures
Keynote Speaker：Leading Law firm
04:10pm – 04:40pm
How is GDPR's Impacting on Internal Investigations
Keynote Speaker：Investigation Expert
04:40pm – 05:10pm
Complying with Cybersecurity Multi-Level Protection Scheme (MLPS) Requirements
Clarifying definitions of classifications under the draft MLPS
Key cyber security protection obligations under the draft MLPS
How to establish internal security systems and internal policies to ensure network protection
Monitoring and information retention: Tips for recording your network’s operational status
Developing a network security incident emergency plan and a disaster recovery system
How to perform a compliance readiness assessment
Keynote Speaker：International Leading Consulting Firm
Panel Discussion: Are we left with no choice but to choose which law to break? The Tricky Game of “Copies of Data Demanding vs Prohibition of Data Export”
Frequently seen as in legal investigations and disputes, one jurisdiction is requiring copies of particular data and information, and the other one where the data are located prohibit its export. Very often companies are stuck between choosing whose laws to break, as compliance with both is impossible.
Phillips, Principal Scientist and Privacy Lead
China Eastern Airlines, DPO
Microsoft, Azure Support Delivery Manager & Cloud
Moderator：Partner of Law firm
Introduction of Speaker: Bob set comes from decades of experience as a trial lawyer, and he maintains an active trial docket in courts around the country. Even the best compliance practices can occasionally fall victim to skilled hackers. When (unfortunately not if) this occurs, Bob’s trial-honed ability to craft a compelling narrative that explains the client’s compliance efforts and commitment can mean the difference between constructive regulatory dialogue versus potentially crippling sanctions. Bob is also a much-sought-after commentator and contributor to professional and journalistic coverage of cybersecurity issues, ranging from the New York Times and USA Today and numerous electronic media to various professional publications and blogs.
Ms. Dong is a partner in the Beijing office and specializes in the areas of foreign direct investment, mergers and acquisitions, and telecom, internet, high-tech and data privacy and information law.
In her corporate and M&A practice, Ms. Dong guides inbound investors through all stages of operation in China, from market investigation to market entry and business expansion (including incorporating PRC entities, mergers and acquisitions, business permits and applications, corporate restructuring and compliance issues).
She also advises clients on all aspects of matters involving new technology and data, with a special emphasis on information privacy (consumers, employees, and patients), data security and breaches, and international data transfers. In these businesses, she has gained an understanding of new business models and technology, such as targeted advertising, internet payments, telematics, IoT, cloud computing, medical biology and blockchain, so as to help clients navigate China’s complex and sector-specific policy and regulatory landscape.
Yuan He is the Doctor of Law and the senior visiting scholar at Georgetown University. He is the executive director of Data and Information Law Research Center and associate professor of Law school at Shanghai JiaoTong University, as well the founder of DataLaws and secretary-general of the Shanghai Administrative Law Society, the senior counsel of T&C law firm. He has provided various types of legal services to dozens of listed companies and has also served temporary positions at government agencies and courts. He has extensive theoretical and practical experience in compliance of data privacy and cyber security.
Dorsey & Whitney LLP, (known as Dorsey), is an American law firm with over 500 lawyers, and a similar number of staff, located in 20 offices in the United States, Canada, Europe, and Asia. The firm's headquarters is in Minneapolis, Minnesota, where it was founded. As of 2019, Dorsey is led by managing partner William R. Stoeri. The firm's lawyers have included several prominent public figures, including former U.S. Vice President Walter Mondale. Well-known multinationals, government entities, financial institutions and growth companies turn to Dorsey to deliver in the increasingly small world of global business.
JunHe, founded in Beijing in 1989, is one of the first private partnership law firms in China. Since its establishment, JunHe has grown to be one of the largest and most recognized Chinese law firms. The firm has twelve offices around the world and a team comprised of more than 800 professionals, including over 240 partners and legal counsel, as well as over 560 associates and legal translators.
They (JunHe) stand out with their expertise, strong academic foundation, and achievements.
—— Chambers Asia-Pacific 2019
Opportunity of Exposure into Resourceful Flows of Information，Genuine Commercial Demands, Professionalism & Provoking Thoughts, Establish Potential Connections
Getting a Whole Picture of Trends of Legislation for Data Protection and Cases Review of Enforcement & Regulations and
Generating a Comprehensive Solution Pragmatical Methods/Experiences for China Cyber Security Law and its relevant series, GDPR, CCPA,Third Party Due Diligence Operation
2 Years after Cyber Laws--Practical Methods and Experiences for Compliance of Data Localization, Cross-border Transfer
Avoiding Compliance Conflicts in Multiple Regulations in Jurisdictions
Learning the effective way of Prevention and Investigation of White Collar Crime of Data Leakage