Skip to main content

Chinese data protection legislation

Exxeta supports to implement the requirements of the Personal Information Protection Law (PIPL)

#Datenschutz #China #PIPL
Eine Wand aus gleichaussehenden Schließfächern

Our Impact

  • Migration of six core systems to Amazon Web Services China

  • Integration of 25 peripheral systems and analysis of data transfer

  • Company-wide approach to legal evaluation

The Challenge

Trade relations between China and the world are changing. In 2021, two laws came into force that significantly tighten Chinese cyber and data protection legislation: the Personal Information Protection Law (PIPL) and the Data Security Law (DSL). A variety of standards, norms, and implementing regulations supplement the laws, but remain partially unspecific. Companies operating in China must now respond to the new laws and requirements to establish compliance.

Together with our automotive customer, we conduct a comprehensive analysis of all relevant business processes and IT systems. The goal: A future-proof process and IT landscape which should also be reproducible. 

The Solution

We divide the project into 4 phases:

Discover: In the first phase, we work with the customer to shed light on the situation: Which IT systems are affected and who are the stakeholders? How do we analyze the company-wide business processes? How do we document the future data flows from China to third countries? Do we have to relocate existing IT systems to China? Questions upon questions, which we clarify together with the customer.  

Plan: We support the migration planning of six on-premise core systems to Amazon Web Services China. We facilitate collaboration between experts from business and IT while keeping an eye on the overall project. 

Migrate: Time for the nitty-gritty! In the migration phase, we migrate the systems together with our customer and many other implementation partners. In addition to PMO activities and method coaching, we take on many content-related tasks, such as test management.

Operate: Even before the migration, we contribute our in-depth expertise in IT application management and IT governance to the operational concepts. The focus is always on the subsequent interaction of various internal and external service providers.  

  • „The biggest challenge was to develop the approach together with the customer and refine it by applying it to the many systems and processes in place.“

  • „A properly aligned communications strategy and a perfectly attuned core team are essential for such a complex project. “

  • “From the very beginning of the project, we have placed great emphasis on test management and IT quality assurance to ensure the smoothest possible transition to operations.”

Let's exchange

illustration of an ai person