Data Protection

12345678910111213141516171819
Across
  1. 5. If a personal data processor gets sued for allegedly( )of an individual’ rights and interests in personal information and fails to prove that it was not at fault, it shall be liable for damages.
  2. 7. In addition to data and privacy laws, there are other layers of Chinese( )that may impact data processing activities.
  3. 9. Domestic individuals and entities storing data in the PRC may not provide such data to foreign( )or enforcement agencies without Chinese regulator’s prior approval.
  4. 12. The Personal Information Protection Law( )the personal data protection rules previously scattered across different laws and regulations.
  5. 13. Processors are only permitted to process sensitive personal information if it is for a specific and( )purpose and demonstrates necessity.
  6. 16. In addressing cross-border( )of personal information, the Personal Information Protection Law requires processors to perform an impact assessment.
  7. 18. The ( )or illegal use of “sensitive personal information” would easily cause harm to the dignity of individuals or serious damages to the safety of individuals or properties.
  8. 19. Under the Data Security Law and the Personal Data Protection Law, Chinese regulators can exert( )over overseas activities if certain criteria are met.
Down
  1. 1. “National( )data,” means data that concerns national security, people’s livelihood in general or important public interest, or is crucial to national economy.
  2. 2. It defines “personal information” as any information recorded in digital or other forms that relate to identified or identifiable natural persons, excluding( )information.
  3. 3. The Personal Information Protection Law also sets out a series of penalties for( ).
  4. 4. Under the Provisions on Administration of Automotive Data Security in August 2021, “important data” in automotive industry includes data on traffic and( )flow.
  5. 6. If other data processors need to transfer important data outside the PRC, they must follow the security rules to be established by regulators( )to the Data Security Law.
  6. 8. “Anonymization” means an( )process in which personal information is processed in a manner that has made it impossible to associate such information with any specific individual.
  7. 10. Depending on the seriousness of the relevant violations, regulators may( )illegal gains and impose fines.
  8. 11. A stricter( )is expected in managing and processing “national core data”.
  9. 12. Multinational corporations’ ( )with a foreign court request or order for documents might put them in violation of the PRC law, which would result in penalties.
  10. 14. Under the Data Security Law, data relating to protection of national security and interest or( )of international obligations that is categorized as controlled items may be subject to export control.
  11. 15. In addressing cross-border transfer of important data, the Data Security Law distinguishes operators of( )information infrastructure and other data processors.
  12. 17. Future parties of a potential licensing deal involving the PRC data should be aware of the expansion of the( )of export control.