Conference Overview

2019 is the year of Data Compliance. Compliance system to Multinational Corporations is the immune system. What common issue Multinational Corporations have been, are and will be confronted with is the world’s increasingly-tense regulatory environment and an ever-changing weather of international economy and politics. It is obviously seen with the high frequency of Cyber & Data Legislative actions with the trend: On June 1, 2017, The First Comprehensive Cyber Security Law of the People’s Republic of China officially came into force; On May 25, 2018, the ever-strict GDPR came into force; Right after GDPR, American CAPP publicized and takes effect on January 1, 2020. On January 1, 2019, “Notice on the special governance of the collection and use of personal information by App in violation of laws and regulations” was jointly issued by CAC, Ministry of Industry and Information Technology, Ministry of Public Security, State Administration for Market Regulation. On May 13, 2019, MLPS 2.0 was officially released and to be implemented officially on December 1, 2019; April the 17th, 2019, GDPR, Regulation (EU) 2019/881 OF THE EUROPEAN PARLLAMENT; On 2019 May 28, CAC Issues Administrative Measures for Data Security (Draft for Comments); In a time of 5G, what could be the new challenges on privacy compliance and data compliance and how we should prepare for it. 2019 June 3rd, The Cyberspace

Administration is soliciting public opinions until July 13 on draft measures for security evaluations of outbound personal information. On July 2, 2019, the National Four Departments, the Cyberspace Administration of China, the National Internet Information Office, the National Development and Reform Commission, the Ministry of Industry and Information Technology and the Ministry of Finance jointly formulated and promulgated the《Measures on Cloud Computing Services Security Assessment》.CCPA becomes effective on January 1, 2020. It is also continuously seen that data leakage events emerge one after another. The environment for Multinational Corporations are continuously evolving to a new complex. Multinational Corporations’ compliance strategy & system must therefore evolve along with the situation given to. Naturally the 2019 China Data Regulatory Compliance Summit is going to be held with the above-mentioned background.

ACFE Introduction

Association of Certified Fraud Examiners (ACFE), founded in 1988 by preeminent fraud expert and author, Dr. Joseph T. Wells, CFE, CPA., with its headquarter in Austin, Texas, The ACFE is the world's largest anti-fraud organization and premier provider of anti-fraud training and education. Together with more than 85,000 members, the ACFE is reducing business fraud world-wide and inspiring public confidence in the integrity and objectivity within the profession. ACFE’ China’s General Chapter is in Beijing, other Chapters include Shanghai, Guangzhou, Shenzhen, Hong Kong.

Summit Coordinator

Prime Vest HJ is affiliated to International Institute of Professional Development Ltd(acknowledged by Hong Kong Government with HKTDC’s CEPA Certification). With the headquarter in Shenzhen founded in 2014 and after 14 years of development Prime Vest HJ has set up in multiple offices domestics and abroad as in Beijing, Shanghai,Guangzhou,Shenzhen,Singapore, Hong Kong, Los Angeles, Europe.

BY INDUSTRY

Internet/IoT/
Internet of Vehicles
Finance
Telecommunication
Big Data Service
Health care & Life Sciences

Energy
Automotive
Public Service
Transportation
Hospitality & Hotel

Retail & FMCG
Express Delivery Industry
Law Firm/Legal tech/
Regtech
Law Enforcement/
Regulators

BY JOB TITLE

Head of Compliance/Legal/
General Counsel/In-house Counsel
Data Protection Officer/Privacy
and Data Compliance Director
Internal Audit/Investigation Execu-
tives/Risk Management & Control
Head of AML/Financial Crime/KYC

Loss Prevention/Security
Director & Manager
Sales/Marketing/BD Director & Manager
Information Security Officer/Chief Information Officer/IT Director
Purchasing/Supply Chain Director

Conference Speakers

8:30am

Welcome Speech
8:30 am – 9:00am

2 Years-Latest Regulatory Developments & Guidelines of China Cyber Security Law: Implications for Businesses · Recently released clarifications, provisions and obligations
· Lessons learned and pitfalls to avoid from recent enforcement cases
· Suggestions of complying with new requirements taken in order
· Knowing the regulatory enforcement structure: Ministries, Government Bodies, Authorities
· Upcoming drafts and standards to expect from the regulators
· Proactive measures businesses can adopt to prepare for pending update

Keynote Speaker：International Leading Law Firm
9:00am - 9:30am

MLPS 2.0: Insights and Compliance Strategies + Outbound Personal Information Security Evaluation · Governance and Strategies
· Transformation
· Cyber Defense
· Cyber Response
· Compliance of Personal Information under GDPR and China Data Laws
· Common Scenes
· Agreement on cross-border Personal Information Transfer

Keynote Speaker：Leading Service Provider
9:30am - 10:10am

Panel Discussion: Complying with the Regulations of Cross-Border Data Transfer and Data Localization · How do we companies sort out our data?
· Which data to collect and retain?
· Identifying which data is for cross-border transfer
· Ensuring the compliant data transfers with eligible coordinated procedures
· How do we do security self-assessment
· What should we prepare for On-Site Official Inspection Search

Panelists Microsoft, Cloud Security/Privacy Lead
China Eastern Airlines,DPO
Nokia,VP
GE，Chief Compliance officer of Power China
Moderator: Managing Partner of Leading Law Firm
10:10am – 10:30am

Tea Break & Networking
10:30am – 11:10am

Due Diligence to third party in compliance of data protection and managing the 3rd party (relying solely on items of contract won’t guarantee 100% liability-free)

Keynote Speaker：International Leading Law Firm
11:10am – 11:50am

Data Localization and Cross-border Data Transfer – Latest Development, Questions and Practical Approach 1.Recent development on legislation of data localization and cross-border data transfer
2.Difficult situations in practice and questions raised
3.Regulatory enforcement actions and trend
4.Proactive measures businesses can adopt to prepare for pending updates

Keynote Speaker：Xiao Dong A partner of the JunHe Law Firm in Beijing
11:50am – 12:10am

Prevention and Investigation of Data Leakage & White Collar Crime

Keynote Speaker：FBI/International Expert for White Collar
12:10pm – 01:30pm

Networking Luncheon
01:30pm – 02:10pm

Panel Discussion: Under the China Cyber Security Law and GDPR, How to Legally Collect, Store & Transfer “Personal Information” & “Important Data”
The identifying of “Personal Information” vs “Important Data” Avoiding duplication of complying effort
How to lawfully collect and obtain consent on “Personal Information” and “Important Data”
When is the transfer of personal data and important data allowed and when is it prohibited?
Existing data localization provisions in sectoral regulations for specific industries and its impact
Ensuring compliance with VPN and encryption regulations CIIO or Network Operator? How to define your organization accordingly

Panelists IBM, Security Compliance Officer
L'Oréal China, Data Privacy Officer
Amazon, Sr. Compliance Manager
Novartis, Head of Dara Privacy China
Alipay , Director of Legal
Moderator：Partner of Leading Law Firm
02:10pm – 02:40pm

Clearing the Next Compliance Hurdle: California’s Consumer Privacy Act (CCPA)
Using the EU’s GDPR as a point of reference, Bob will provide an overview of California’s newest consumer privacy regulation, the CCPA. This will include: Basic structure of the CCPA
Key differences between CCPA and GDPR
Compliance challenges
Consumer class actions a near certainty for reported breaches
CCPA dramatically changes the calculus for reporting “incidents”

Speaker: Robert E. (Bob) Cattanach
02:40pm – 03:00pm

Anti-Data Leakage Investigation

Keynote Speaker：Discovery scientist
03:00pm – 03:10pm

Tea Break &Networking
03:10pm – 03:40pm

Human Genetic Resources Management Regulations

Keynote Speaker：Leading Law firm
03:40pm – 04:10pm

Cloud Computing Services Security Assessment Measures

Keynote Speaker：Leading Law firm
04:10pm – 04:40pm

How is GDPR's Impacting on Internal Investigations

Keynote Speaker：Investigation Expert
04:40pm – 05:10pm

Complying with Cybersecurity Multi-Level Protection Scheme (MLPS) Requirements Clarifying definitions of classifications under the draft MLPS
Key cyber security protection obligations under the draft MLPS
How to establish internal security systems and internal policies to ensure network protection
Monitoring and information retention: Tips for recording your network’s operational status
Developing a network security incident emergency plan and a disaster recovery system
How to perform a compliance readiness assessment

Keynote Speaker：International Leading Consulting Firm
05:10pm-05:40pm

Panel Discussion: Are we left with no choice but to choose which law to break? The Tricky Game of “Copies of Data Demanding vs Prohibition of Data Export”
Frequently seen as in legal investigations and disputes, one jurisdiction is requiring copies of particular data and information, and the other one where the data are located prohibit its export. Very often companies are stuck between choosing whose laws to break, as compliance with both is impossible.

Panelists Phillips, Principal Scientist and Privacy Lead
China Eastern Airlines, DPO
Microsoft, Azure Support Delivery Manager & Cloud
Security/Privacy Lead
Moderator：Partner of Law firm

Conference Speakers

Keynote Speaker：Robert E. (Bob) Cattanach

Introduction of Speaker: Bob set comes from decades of experience as a trial lawyer, and he maintains an active trial docket in courts around the country. Even the best compliance practices can occasionally fall victim to skilled hackers. When (unfortunately not if) this occurs, Bob’s trial-honed ability to craft a compelling narrative that explains the client’s compliance efforts and commitment can mean the difference between constructive regulatory dialogue versus potentially crippling sanctions. Bob is also a much-sought-after commentator and contributor to professional and journalistic coverage of cybersecurity issues, ranging from the New York Times and USA Today and numerous electronic media to various professional publications and blogs.
Conference Speakers

Keynote Speaker：Ms. Dong

Ms. Dong is a partner in the Beijing office and specializes in the areas of foreign direct investment, mergers and acquisitions, and telecom, internet, high-tech and data privacy and information law.
In her corporate and M&A practice, Ms. Dong guides inbound investors through all stages of operation in China, from market investigation to market entry and business expansion (including incorporating PRC entities, mergers and acquisitions, business permits and applications, corporate restructuring and compliance issues).
She also advises clients on all aspects of matters involving new technology and data, with a special emphasis on information privacy (consumers, employees, and patients), data security and breaches, and international data transfers. In these businesses, she has gained an understanding of new business models and technology, such as targeted advertising, internet payments, telematics, IoT, cloud computing, medical biology and blockchain, so as to help clients navigate China’s complex and sector-specific policy and regulatory landscape.
Conference Speakers

Keynote Speaker：Yuan He

Yuan He is the Doctor of Law and the senior visiting scholar at Georgetown University. He is the executive director of Data and Information Law Research Center and associate professor of Law school at Shanghai JiaoTong University, as well the founder of DataLaws and secretary-general of the Shanghai Administrative Law Society, the senior counsel of T&C law firm. He has provided various types of legal services to dozens of listed companies and has also served temporary positions at government agencies and courts. He has extensive theoretical and practical experience in compliance of data privacy and cyber security.

Sponsors

Dorsey & Whitney LLP, (known as Dorsey), is an American law firm with over 500 lawyers, and a similar number of staff, located in 20 offices in the United States, Canada, Europe, and Asia. The firm's headquarters is in Minneapolis, Minnesota, where it was founded. As of 2019, Dorsey is led by managing partner William R. Stoeri. The firm's lawyers have included several prominent public figures, including former U.S. Vice President Walter Mondale. Well-known multinationals, government entities, financial institutions and growth companies turn to Dorsey to deliver in the increasingly small world of global business.

JunHe, founded in Beijing in 1989, is one of the first private partnership law firms in China. Since its establishment, JunHe has grown to be one of the largest and most recognized Chinese law firms. The firm has twelve offices around the world and a team comprised of more than 800 professionals, including over 240 partners and legal counsel, as well as over 560 associates and legal translators.
They (JunHe) stand out with their expertise, strong academic foundation, and achievements.
—— Chambers Asia-Pacific 2019

What will you take away from the 2019 CDRC

Opportunity of Exposure into Resourceful Flows of Information，Genuine Commercial Demands, Professionalism & Provoking Thoughts, Establish Potential Connections
Getting a Whole Picture of Trends of Legislation for Data Protection and Cases Review of Enforcement & Regulations and
Generating a Comprehensive Solution Pragmatical Methods/Experiences for China Cyber Security Law and its relevant series, GDPR, CCPA,Third Party Due Diligence Operation
2 Years after Cyber Laws--Practical Methods and Experiences for Compliance of Data Localization, Cross-border Transfer
Avoiding Compliance Conflicts in Multiple Regulations in Jurisdictions
Learning the effective way of Prevention and Investigation of White Collar Crime of Data Leakage