If you wanted to export a product to China, you might contact an international trade lawyer who knows China’s trade regulations, but you would still need a customs agent to fill out the paperwork. Though lawyers have a great deal of skill and knowledge, they are not experts at everything. After all, a jack of all trades is a master of none.
A lawyer can explain the intent of the law. Ultimately they will tell you what you can and cannot do. Unfortunately, though helpful, lawyers can’t tell you how to adjust your business to comply with the law, which is often the most challenging part of privacy laws.
Lawyers and compliance experts work in tandem but cannot replace one another. A lawyer can’t do what a compliance consultant can, just as a compliance consultant can’t practice law.
Many industries believe that compliance and legal should remain entirely separate. At the annual Association of Corporate Counsel meeting in New Orleans, the Executive Vice President and General Counsel of the Royal Bank of Canada (RBC), David Allgood, addressed the topic.
According to Allgood, “Compliance should be tailored to the specific needs of the business and address the risks of a business”. Believing compliance should be left to compliance specialists, RBC’s legal team does not handle it. They, along with many other financial institutions, understand that lawyers are not businesspeople. Though they may understand the law and the boundaries an organization may operate, they cannot tell a company how they can effectively adapt their business.
Think of it this way - there are laws regarding marketing and advertising. A lawyer can tell you the regulations regarding advertising and tell you what you cannot do, but they won’t be able to create an advertisement that converts, increasing sales and profits. It’s doubtful a company would pay large sums of money to have a lawyer create a marketing campaign.
This is the same for data privacy. A lawyer may tell you what you can and cannot do, but they don’t know the real applications of a particular law in your specific business. To ensure laws are met while maintaining your business, you need hands-on advice from someone who has been practicing data privacy compliance for years.
Even with the savviest team of lawyers, you could still be at risk. Google LLC knows this all too well. One of the strictest privacy and security laws globally, the European Union’s General Data Protection Regulation (GDPR), came into effect on May 25, 2018. Roughly eight months later, Google LLC was fined €50 million for failure to comply. Though Google appealed it, the decision was upheld.
Having experienced Europe’s GDPR and American data privacy laws like CCPA and SB-220, we know how to minimize risk and maximize digital opportunities. By working alongside Chinese cybersecurity attorneys, we can assist companies like yours to abide by the new requirements of China’s Personal Information Protection Law (PIPL) with proven digital solutions.
China’s PIPL will be in full effect by 2022, and if your company is not set up for compliance, the penalties and consequences will be harsh. As experts in business and practical applications of privacy law, Asia Advisers can help you prepare and comply.