Not sure if anyone has much expertise in the upcoming China Cybersecurity Law, with effect at the end of May 2018. There are many classifications for businesses that do business in China.
It's best to consult a Legal Officer based in China. My current organization is classified as a Network Operator, but bear in mind, it does not mean you are a network service provider there. It means that you have servers and network connectivity out of China.
Some of the items that I am aware of are that if you are classified as a network operator, you would need to host/have a copy of your China employee PII details in China, network monitoring logs of up till 6 months stored in a server hosted in your China office/datacenter, and the same for your cybersecurity monitoring logs for your China offices' network operations.
A China born-and-bred CSO would need to be appointed to report any breaches as well. The China Cybersecurity Law is classified as a criminal law and the CSO can be arrested and a maximum fine of up till 1 million RMB will be imposed on the organization.
Wondering if there are others like me facing challenges like this, and how do you tackle these challenges?
I'm facing similar challenges with providing our services in China. Although we are not housed in China, we do have tenants using our hosted platform in Singapore with branch offices within Chinese perimeters. I'm trying to set up a line of communication and knowledge sharing with our hosting partners about these kinds of laws in South East Asia, as China is not the only country getting more closed off by the day, but so far it has been difficult to find experts on this.