Smart city and communication network concept

Technology and Data Connect: Digitization opportunities, security challenges and response strategies

Photographic portrait of EY Greater China
EY Greater China

Multidisciplinary professional services organization

5 minute read 20 May 2022

Ensuring effective data governance and data security is the prerequisite of fostering economic integration among the Greater Bay Area (GBA) as well as the cross-strait three regions.

Three challenges:

  • Different legal systems in Guangdong, Hong Kong and Macau create higher compliance challenges on enterprises
  • The current capability to comply is insufficient to cope with security challenges
  • Different internet, technical and security standards and users’ habits in Guangdong, Hong Kong and Macau lead to higher difficulty in security safeguards

China’s State Council formulated the Outline Development Plan for the Guangdong-Hong Kong-Macau Greater Bay Area (“Development Plan”), and it was stated that by 2035, the GBA should become an economic system with mode of development mainly supported by innovation. To be in line with the planning with digital as the development engine, the GBA already gradually laid down requirements in developing data governance and security and implementation initiatives concerned, providing strong support for accelerating the flow of data between governments and enterprises, among enterprises, and across borders. However, while enterprises enjoy convenience in the GBA, they at the same time face greater challenges.

How EY can Help

First challenge

From a legal perspective, the GBA comprises three different jurisdictions, each of which have different laws and regulations on cybersecurity, privacy protection and cross-border data transfer. There are both similarities and differences. Enterprises in the GBA are therefore constantly facing challenges over data security compliance.
 

Privacy protection

  • Organizations need to integrate these provisions on three sides to build a unified system to collect, use and process personal information.
  • Develop privacy policies and statements applicable to three sides and make modifications based on regulatory differences and scopes of services.

Cross-border data

  • Establish standard contract terms for cross-border data flow, define the responsibilities, rights and obligations of senders and recipients, and develop relevant protection measures. 
  • Engage an independent third party to obtain Data protection certification.
  • Make clear laws and regulations on cross-border data flow and maintain close relationships with competent authorities.
  • Sort out data derived from operation and cross-border scenarios that may be involved.
  • Establish cross-border data transmission mechanism within the organization.
  • Improve internal control system for data security and make self-assessment.
     

Second challenge

Under the conflicting and complicated legal environment, many enterprises don’t have sufficient capability in compliance. Those capabilities include security compliance culture, organization structure, human resources, compliance management framework and execution mechanism and cybersecurity and privacy compliance capability, etc.

Organizations need to build up security management capacity to prevent and resolve security threats while considering compliance capability. 
 

Data security management

  • Identify important data within the organization and standardize the formats for important data description.
  • Develop classification and grading standards and build differentiated management requirements and technology-based protection strategy.
  • Evaluate security capability and establish data security management system to sustain standard management of data lifecycle. 

Cybersecurity management

  • Develop organization-wide security management system.
  • Stablish a compliance training mechanism for all employees and build an effective performance assessment mechanism.
  • Establish processes and mechanisms for reporting non-compliance and security breaches and ensure the mechanisms operate smoothly while processes are optimized and improved on an ongoing basis.
     

Third challenge

There are differences in the internet and other conditions in Guangdong, Hong Kong and Macau. Being exposed to complicated internet conditions, to protect information assets is challenging to enterprises.

Enterprises should enhance security protection and establish a good foundation for network resilience. As the most practical security standards, grade-based security protection system can help organizations improve security capability and demonstrate to regulators that their operations can meet China’s security obligations no matter where they are within the region. Apart from the grade-based security protection system 2.0, organizations can also refer to relevant international standards according to their specific situations to build a good foundation for network resilience and establish a security-oriented proactive defense and perception mechanism.

Summary

Only with early planning and thoughtful considerations can organizations achieve sustainable growth while enjoying favorable policies.

Related articles

Financial and Currency Connect: Development and prospect

The Guangdong-Hong Kong-Macao Greater Bay Area (GBA) is one of the regions with the highest degree of openness and economic vitality in China. Only by further strengthening regional financial integration and building an integrated financial system and infrastructure, the allocation of resources can be optimized, and the ability of the GBA to provide financial services to the real economy can be enhanced.

EY Greater China

Health Connect: Overview of biomedical infrastructure and policies in 11 cities of the Greater Bay Area

Promoting the development of the Biomedicine industry is of great significance to China’s realization of a strong technological power and a healthy China strategy.

EY Greater China

Infrastructure Connect: A joint new era for Hong Kong and Shenzhen

Transport infrastructure plays a critical role in facilitating economic development. This article explores the Government’s transport infrastructure development vision and strategies in the Greater Bay Area (GBA), focusing on Hong Kong and Shenzhen.

EY Greater China

Talent and Entrepreneur Connect: Talent steers your journey in the future international innovation and technology hub

The Outline Development Plan (“the Outline”) for the Guangdong-Hong Kong-Macao Greater Bay Area (GBA) delineates the blueprint for the GBA’s future development and fosters close partnerships among the nine cities and two special administrative regions within the GBA. The associated policy supports provide new propulsion for further expansion into this vast market and enablement to leverage the GBA as a world-class innovation and technology hub.

EY Greater China

ESG Connect: Current landscape and recommendations for ESG disclosure in the Greater Bay Area

The topic of ESG is gaining momentum around the globe, and without exception in the Greater Bay Area.

EY Greater China

    About this article

    Photographic portrait of EY Greater China
    EY Greater China
    Multidisciplinary professional services organization
    Related topics
    Greater Bay Area
    Technology

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.