Regulations governing the digital arena are rapidly changing the world over, and nowhere is this truer than in China. This presents a fresh set of challenges for MNCs. Global companies have invested heavily in global IT systems to allow data to cross borders with ease. China’s push for data sovereignty requires MNCs to rethink their data strategy once again. During a recent IMA Asia forum for China CEOs, a participant commented,
‘China is in a tug of war with the world and our data strategy has to change. Talk of banning WeChat or TikTok in the US is an indication of things to come. Digital decoupling is happening, and it is stretching global businesses to find a balance between the two sides.’
Complicating matters, each region is looking at data governance in a slightly different way.
‘For China, data is something to be controlled (for national security). For the EU, data is something to be protected (for individual privacy). The United States sees data as something to be commercialised (to boost bottom lines).’
For China, cybersecurity is a national security issue
China’s focus on controlling data for national security purposes means that companies face serious consequences if they fail to comply, even inadvertently, with cybersecurity regulations. Compounding the risk is that China’s definition for what constitutes national security is much broader than in most western countries.
‘Governments in Europe and the US often define national security as something related to military matters. China emphasises social stability and economic development. For example, certain financial information about private national champions and SOEs falls under the umbrella of national security.’
Firms that never regarded their data as tied to national security concerns are taking a second look, for instance:
- An elevator manufacturer collects elevator performance data via sensors for maintenance purposes. The company locates some of the sensors in sensitive hotspots such as airports and government buildings.
- An oil and gas company collects and sends data overseas on energy trends and prices. The data often contradicts official narratives.
- An HVAC company provides air conditioning to data centres. They then send the performance data to a global R&D centre.
Broaden responsibility for cybersecurity
Senior leaders need to put in place a cybersecurity plan. The responsibility for this task must go beyond just the head of IT or government affairs (GA). In one case, the police detained the head of R&D head. That person was the only one who fully understood the data ecosystem. That left the remaining managers to fumble and pick up the pieces. This highlights that no person or team should be solely responsible for the data infrastructure in China. As one IMA Asia member explained,
‘If a visit by the police catches a firm unaware, it is often because only the government affairs team was responsible for monitoring policy and regulations. GA professionals lack the background to fully understand technical cybersecurity standards. In many cases, they take too long to comply and have to scramble to catch up, losing the opportunity to work constructively with the police.’
Keep Data In China for China
With the risk of non-compliance proliferating, MNCs are moving their IT system entirely to China for China. Establishing a China data cloud is a notable example. The benefits are two-fold. It helps a firm to move towards full compliance with Chinese regulations and it helps protect global assets.
‘When the regulator puts a black box on your IT system, make sure your data is not connected to your global IP system. You can reduce a lot of the risk from investigations and audits, if you have already localised your IT system.’
Localising systems or backing away from global initiatives, such as global shared services centres, can be difficult and costly in the short term, but are an investment in the long-term potential of the China business.
Click on ‘Deep Read’ at the top of the page to learn more about how companies are ringfencing their digital assets in China.