Firms To Watch: Data protection: PRC firms

The technology department at DeHeng Law Offices provides a broad offering as it is often retained by clients in the technology and telecoms sectors to address cybersecurity and data privacy risks.
Merits & Tree Law Offices specialises in data security and privacy protection and is particularly active in relation to the establishment of data compliance systems and data inspections in M&A and IPO transactions.
Tian Yuan Law Firm is particularly regarded for its guidance on compliance issues arising from IPOs, with further specialisation in network security and personal information protection.
Commerce & Finance Law Offices features a team dedicated to privacy, information protection and network security, advising clients in the manufacturing, pharmaceutical and e-commerce industries. 

Data protection: PRC firms in China

Fangda Partners

With an impressive client roster featuring some of the most prominent players in the technology, banking and retail sectors, Fangda Partners maintains its standing as a leader in the area of data protection and cyber security issues, acting on data breach responses, compliance programs, and regulatory proceedings. Kate Yin, who demonstrates notable knowledge in regulatory compliance, with a further focus on cross-border matters relating to anti-corruption, export controls, and internal investigations, leads the practice with a footing in Beijing, Guangzhou and Hong Kong. In Shanghai, Gil Zhang stands out as a key contact, noted for his ‘full understanding of client’s needs‘ when advising on cybersecurity matters and data compliance programs in a Chinese legislative and GDPR context. Counsel Huihui Li  is experienced in internal compliance checks and assessments of tech-driven products.

Practice head(s):

Kate Yin

Other key lawyers:

Gil Zhang; Huihui Li


‘Familiar with business practice in pharmaceutical industry.’

‘Provides clients with practical advice to comply with data protection law in China.’

‘The team are professional on data protection and cyber security related issues.’

‘Gil Zhang provides timely and professional guidance on the data protection related issues of our company.’

‘Gil Zhang is one of the most knowledgeable privacy lawyers. He has full understanding of clients’ needs and of how their organizations work.’

‘The lawyer’s understanding of the local regulator and their perspectives and the engagement with the rule makers is an advantage.’

Global Law Office

Global Law Office leverages its interlinked offering across practice areas to operate as one when handling data protection issues, acting for multinational clients including Samsung, Xiaomi and Volvo on complex compliance projects and regulatory investigations. Beijing-based Maggie Meng, who regularly acts for companies in the e-commerce, fintech, and AI sectors, leads the practice alongside Shanghai-based Vincent Wang who is singled out for his expertise in emerging technologies such as blockchain, e-mobility and cloud computing. Of counsel Jenny Chen is noted for government and internal investigations as well as personal information protection.

Practice head(s):

Maggie Meng; Vincent Wang

Other key lawyers:

Jenny Chen


‘Jenny Chen is a professional with good quality work. She can listen to the needs of business and provide reasonable solutions. She has very good experience in PIPL projects.’

Key clients

Xiaomi Corporation


Auto Home

Samsung Group

The Volvo Group

Auto Home Inc.

Samsung Group

The Volvo Group



VISEN Pharmaceuticals



Work highlights

  • Advised Xiaomi Corporation on multiple product lines and business scenarios that require data protection advice.
  • Provided effective and comprehensive legal advice for AutoHome’s domestic and foreign business lines involving data protection issues.
  • Provided legal support for Volvo Group’s auto drive and smart vehicle business.

Han Kun Law Offices

Han Kun Law Offices‘ team has a wealth of experience in handling data compliance projects and corporate matters, making the practice a popular choice amongst leading domestic and international corporations looking to expand their presence across multiple jurisdictions. The practice is jointly led by Yan Wang, Kevin Duan, David Tang, Min Zhu, and Michelle Gong. Duan acts on data review matters, assisting companies in their overseas listings, while Zhu is recommended for cybersecurity and data compliance matters. Tang’s ‘knowledge of the local data privacy and protection regulations is second to none‘, which supplements his ability to provide advice on corporate mandates. Associate Kemeng Cai is another notable figure.

Other key lawyers:

Kemeng Cai


‘David Tang’s knowledge of the local data privacy and protection regulations is second to none. David is able to skilfully advise upon the law whilst taking into account the complexities of the business.’

Key clients






Boston Consulting Group

Volkswagen Investment Company



Volvo Cars


State Grid




Geely Holdings

Geely Cars


Work highlights

  • Advised Tencent on its various investment deals in relation to data compliance matters.
  • Represented Marriott’s China in its data compliance matters.
  • Represented Bayer in dealing with its China data compliance matters.

King & Wood Mallesons

King & Wood Mallesons draws from an established China corporate practice, advising a range of domestic and multinational clients on their compliance solutions concerning various regulatory regimes. With a focus on compliance, the firm is active in an array of relevant projects, evidenced by its recent instructions of advising Everbright Bank on its internal data protection program. Beijing-based practice head Susan Ning is praised for her broad practice, which includes advising on data compliance systems, cross-border data transmissions, network security emergencies, and the formulation and modification of privacy policies. Han Wu is also highly recommended for advising multinational companies on their China compliance requirement, as well as representing Chinese companies operating in foreign countries in establishing data compliance systems.

Practice head(s):

Susan Ning

Other key lawyers:

Han Wu

Key clients

Agricultural Bank of China

China Everbright Bank

TravelSky Technology

Work highlights

  • Assisted the Agricultural Bank of China with its data compliance consulting project in complying with the cybersecurity and data compliance obligations.
  • Acted for Everbright Bank in data compliance consulting projects, including providing gap analysis on mobile apps and third-party data providers, advice on internal data protection program, and assessing data-sharing arrangements.
  • Assisted TravelSky Technology with a data rights and interests research project.

Zhong Lun Law Firm

Zhong Lun Law Firm covers the full gamut of data and privacy issues; although the team primarily features practitioners with an IP focus, it is active in areas including face recognition, online payments, and cloud computing, with close collaboration across the firm’s broad specialisms resulting in a one-stop-shop for clients. Jointly led by Jihong Chen and Yongjun Ni, with the former demonstrating notable expertise in cybersecurity, personal information protection, and compliance with a telecoms element. Peng Cai handles data security risks, compliance challenges and artificial intelligence technologies, with further focus on data life-cycle processes, and Jeffrey Liu, is recommended for data and privacy issues related to financial products.

Practice head(s):

Jihong Chen; Yongjun Ni

Other key lawyers:

Peng Cai; Jeffrey Liu

Key clients

BGI Genomics


China Three Gorges Corporation



Greentown Ideal Life Technology

Groz-Beckert KG

Keppel Land China


Perfect Diary

Schneider Electric




Victoria’s Secret


WATRIX. AI Technology

Yuexiu Group

Work highlights

  • Advised Tencent Holdings on its essential data protection compliance mechanism for its key services and products including WeChat and Tenpay.
  • Advised Microsoft on regulatory data compliance supervision in China, with respect to its key products.
  • Advised Volkswagen on a data protection compliance system and compliance issues regarding Intelligent Connected Vehicles (“ICV”) and automated driving.

AnJie Broad Law Firm

AnJie Broad Law Firm stands out as one of the first PRC firms to handle data protection and cybersecurity matters. Accordign to a client, the team has ‘very good technical grasp of the PRC data protection law regime and is very up to date with the latest enforcement trends.’It acts for clients from a broad range of sectors on data transfers, compliance regimes, and data storage. Leading the team is Beijing-based Samuel Yang, highlighted for having ‘outstanding data protection knowledge’. While Yang is primarily recognised for his expertise in the telecoms sector, his practice extends to regulatory, commercial agreements, cybersecurity and e-commerce.

Practice head(s):

Samuel Yang


‘The team is strongly focused on the data protection landscape in China.’

‘Samuel Yang is a fantastic lawyer who has outstanding knowledge of the evolving and complex data protection regime in China.’

‘The team at AnJie has very good technical grasp of the PRC data protection law regime and is very up to date with the latest enforcement trends.’

‘Samuel Yang of AnJie team is very responsive and is able to provide clear and commercial guidance in an area of law that is still developing.’

‘AnJie Broad Law Firm has an excellent data protection practice. They are very responsive and easy to get hold of. They meet their deadlines.’

‘Samuel Yang has good expertise in PRC data protection law. His advice is very practical and helpful and his experience in Western firms means he is very good at explaining PRC law to Westerners.’

Key clients






Swiss Re


China Life



Work highlights

  • Advised a global leading insurance group on its data protection compliance project in China.
  • Advised a well-known international bank on its data protection compliance project in China.
  • Advised a well-known global hotel group on its data protection compliance project in China.

DaHui Lawyers

Recognised as a go-to firm for clients in the TMT sector, DaHui Lawyers leverages its broader compliance experience to provide advice on personal privacy and cross-border data transfer requirements. Within the team, founding partner Richard Ma heads the practice with experience advising on regulatory and data compliance matters primarily;  Joanna Jiang advises on data compliance requirements; and associate Dimitri Phillips is active in dispute resolution, compliance and corporate matters.

Practice head(s):

Richard Ma

Other key lawyers:

Dimitri Phillips; Joanna Jiang; Cloud Li

Hui Ye Law Firm

As a prominent player in the regulatory space, Hui Ye Law Firm has longstanding expertise in the data protection field, with over 10 years of experience advising local and foreign clients on the full spectrum of relevant contentious and non-contentious data protection work. Tianhang Li and Ramon Huang co-head the practice from Shanghai, handling work concerning cybersecurity and data compliance, and network security, respectively. Huang is regularly instructed by high-profile clients including Adidas, JD and Chanel. Junlei Guo joined from Anli Partners in February 2022.

Practice head(s):

Tianhang Li; Ramon Huang

Other key lawyers:

Junlei Guo

Key clients


Phillips Industries


Pfizer China

China United Network Communication Group

Nestle Group

Beijing Lingyue Information Technology

JD Dada Group

Baozun e-commerce


Dongfeng Group

Work highlights

  • Advised China United Network Communication Group on non-bank financial business legal services concerning subsidiaries in the field of big data.
  • Advised Tencent on a data compliance legal programme.
  • Advised Pfizer on cyber-security and data compliance legal services.

Llinks Law Offices

Llinks Law Offices’s compliance practice group is active in cybersecurity, e-marketing, and wider data protection matters, with a prominent presence in the automotive, technological, and pharmaceutical sectors. Practice head David Pan, who is qualified in both China and New York, handles network security, data protection, antitrust, and anti-commercial corruption matters. Xun Yang adds to the firm’s international experience and acts for clients in the TMT, life sciences, and financial services sectors on information security, privacy, intellectual property and unfair competition matters. Nigel Zhu is another name to note.

Practice head(s):

David Pan

Other key lawyers:

Xun Yang; Nigel Zhu

Work highlights

  • Advised SciClone on E-marketing.
  • Advised Roche on data compliance issues.
  • Advised Michelin Investment China Ltd. on cybersecurity and data protection compliance issues.

TransAsia Lawyers

With a strong footing in a global context thanks to its ties to international firms, TransAsia Lawyers is noted for acting on the data protection aspects of cross-border transactions. The team is sought out by payment service providers as well as clients in the cloud services and automotive industries to advise on data compliance, cross-border data transfers and data storage. Managing partner Philip Qu is the main contact in Beijing, with a broad practice encompassing data matters in relation to M&A and VC investments. Karen Hu joined the firm from Merits & Tree Law Offices in June 2022.

Practice head(s):

Philip Qu

Other key lawyers:

Karen Hu

Work highlights

  • Advised Weibo on data security and compliance issues for possible cross-border data transfers related to overseas litigation proceedings.
  • Acted as PRC counsel to AWS for its China operational structure, re-structuring, license application, and regulatory matters.
  • Advised GM China on data and PI policy and compliance, including collection, sharing, cross border transfer, storage, access, and related agreements.

Anli Partners

Anli Partners is a popular choice among TMT sector clients; its practice spans compliance, data transfers and personal privacy procedures. Standout team members include regulatory expert Wei Luo, who acts as the firm’s TMT director and counsel Shanshan He.

Practice head(s):

Wei Luo

Other key lawyers:

Shanshan He

Key clients



Fresenius Medical Care

Work highlights

  • Advised Tencent Cloud and Smart Industries Group, Tencent Advertising Group, and Tencent Interactive Entertainment Group on the compliance and regulatory issues of various products.
  • Advised Nestle on its collaboration project with Chinese hospitals, individual doctors, and service providers on HGRAC issues.
  • Provided legal services for Fresenius Medical Care in its data compliance and personal information projects in China.

Dacheng Law Offices

Dacheng Law Offices benefits from its impressive global footprint, allowing it to act for clients such as Tencent, Alibaba and Lenovo on complex data compliance issues. It is also equipped to advise on cross-border data transfers, data asset transactions and data breach contingency plans. Zhangwei Wang heads the team which includes Kaiming Cai and Donghui Ruan. Cai focuses on data protection and cross-border compliance, while Ruan has notabel experience advising on compliance matters for clients in the technology sector.

Practice head(s):

Zhangwei Wang

Other key lawyers:

Kaiming Cai; Donghui Ruan

Work highlights

  • Advised Beijing Bytedance Technology on information security and in response to US policies.
  • Advised Tencent on data compliance issues.
  • Advised Anker Innovation Technology in compliance matters.

Haiwen & Partners

Haiwen & Partners‘ advises multinational companies and major funds on data compliance issues. It has seen an increase in cybersecurity-related instructions for overseas listings, assisting clients in relevant applications and reviews. Jianyuan Yang, who is noted for cross-border data protection matters as well as the establishment of data protection programs, leads the practice alongside M&A expert Peng Fu, who has a wealth of experience representing clients in the healthcare industry.

Practice head(s):

Jianyuan Yang; Peng Fu

Other key lawyers:

Zehan Xue

HHP Attorneys-At-Law

HHP Attorneys-At-Law’s cybersecurity and data compliance department, which is a part of the Meritas data protection group, is a popular choice among clients in the consumer goods and services, manufacturing, and automotive industries. The firm is increasingly advising on data breach and compliance matters for e-commerce sector clients. Practice head Yao Rao is a cybersecurity and personal data protection specialist with ‘strong problem-solving abilities‘. Associate Shuaijie Lu is another key contact, with experience addressing data compliance issues for both domestic and foreign clients.

Practice head(s):

Yao Rao

Other key lawyers:

Shuaijie Lu; Shihao Xiao


‘The firm provides very professional and effective legal and compliance support in respect of data protection. The lawyers have a strong command of the fast-changing laws and keep working on new compliance requirements. By virtue of their close working relationship with Meritas law firms in other jurisdictions, they can handle our cybersecurity and data protection projects involving multi-jurisdictions. Their billing system is friendly, and they can offer more than you pay.’

‘Yao Rao is very experienced. He is an expert in the field of data protection and has a very up-to-date knowledge of the practice. He has strong problem-solving abilities and provides the client with very valuable advice. He is also a great leader. His team work together efficiently with high quality under his direction.’

Shuaijie Lu and Shihao Xiao both have strong capacities and a wealth of experience in cybersecurity and data compliance issues. They stand out for their high quality and results-oriented service as well as excellent attitude. The advice provided by them was very appropriate and useful.

Key clients

Aiswei Group






RS Components




Valeo Siemens eAutomotive

Work highlights

  • Advised a company in the solar energy industry on its cloud service data compliance project.
  • Advised a European industrial manufacturer on cybersecurity classified protection and grade assessment on its e-commerce website.
  • Advised a leading industrial manufacturer on the overall data compliance assessment on its business platform.

East & Concord Partners

East & Concord Partners is noted for its compliance focus, especially regarding the construction of cybersecurity systems and the implementation of relevant measures. Beijing-based Xiaoyu Shen leads the practice and focuses on data and cybersecurity compliance matters.

Practice head(s):

Xiaoyu Shen

Other key lawyers:

Peng Ye


The team is able to provide comprehensive advice from a business, technical and legal standpoint. It also provides compliance plans that are practical and feasible in their implementation.

The firm has resources to provide guidance from a technical standpoint. It never fails to meet the requirements imposed by companies from local and US backgrounds in a timely, diligent and cost effective manner.

Xiaoyu Shen is a very experienced lawyer. The completeness of her advice is very valuable. She is able to provide companies with the most important points, highlighting risk areas, and her advice is in-depth.

Key clients

SDIC Capital

China Pacific Insurance

China CITIC Bank

Cyber Security Association of China

Chengdu Vcolco Information Technology

Societe General Finance Leasing

Sumitomo Shanghai

Work highlights

  • Provided Chengdu Vcolco with special legal services on automobile data compliance.
  • Provided comprehensive legal services for Organizing Committee on data compliance matters.
  • Provided special legal services for the development and operation of the online duty-free social store applet of a multinational luxury goods group.

FenXun Partners

Drawing from a prominent corporate practice, FenXun Partners supports a range of clients in cybersecurity matters, including in relation to employee privacy training and transactional assessments. Co-heading the practice are Shanghai-based Zhenyu Ruan who has notable expertise in the TMT sector, and Beijing-based Vivian Wu who is noted for compliance investigations and risk assessments.

Practice head(s):

Zhenyu Ruan; Vivian Wu

Work highlights

  • Assisted Porsche on legal and regulatory issues concerning the launch of the new version of the Porsche Connect mobile app in Mainland China and Hong Kong.
  • Represented Subway on agreements with several Chinese IT vendors concerning the design setup and implementation of a China franchisee online ordering, loyalty program and WeChat Mini-Program.

Jingtian & Gongcheng

Jingtian & Gongcheng is active in the cybersecurity and data compliance space, regarded for addressing matters in relation to data governance, cross-border flow requirements, and privacy breaches. Zhenhua Xiang heads the practice alongside Yongqing Huang, with notable members including Lizhi Yuan and Yang Zhou.

Practice head(s):

Zhenhua Xiang; Yongqing Huang

Other key lawyers:

Lizhi Yuan; Yang Zhou

Key clients

Xiamen Yaki Software

Huatai Insurance Group

Guangdong Rural Credit Union Association

Digital Trade Technology

Beijing Nefly Technology

ZTE Corporation

Chinese Academy of Sciences

Shenzhen TCL New Technology

Shihui Partners

Shihui Partners primarily advises clients in the TMT sector on data compliance matters. Raymond Wang leads the firm’s compliance business group, having acted for a number of central ministries and commissions on data-related legislation and regulation. The team continues to expand with the hire of Jing Lu who joined from Sidley Austin LLP in January 2022, and a number of individuals in March 2021 including Tian Li from Fangda Partners and Rui Wang from Global Law Office.

Practice head(s):

Raymond Wang

Other key lawyers:

Jing Lu


The team members are very active and hard working, and usually respond to requests promptly. Also, the partner of the team is very hands-on.

Key clients

Tencent Holdings

Huawei Technologies

Beijing Sohu Internet Information Service


Roche Diagnostics

A.O. Smith



Intercontinental Hotels Group

Honor Device

Work highlights

  • Provided all-round compliance service for Tencent.
  • Advised Zhihu on its data compliance and personal information protection project before its IPO in Hong Kong.
  • Advised Pfizer on its establishment of a personal information protection compliance system.

Yuanda China Law Offices

Yuanda China Law Offices leverages its strategic alliance with international firm Winston & Strawn LLP to act on cross-border compliance issues facing Chinese companies. The team is jointly led between John Huang, James Jiang and Andy Pan. Jiang combines his private equity and corporate practice with compliance matters, whilst Pan supplements the firm’s compliance capabilities, with particular knowledge of the TMT sector.

Practice head(s):

John Huang; James Jiang; Andy Pan

Key clients

Bridgestone Investment

S&C Electric

BCD Travel

Work highlights

  • Advised Bridgestone (China) Investment Co., Ltd. on cross-border data compliance matters.
  • Acted for S&C Electric (China) Co. Ltd. in settin up its data protection system.
  • Handled data compliance matters for BCD Travel (China) Limited.

Zhao Sheng Law Firm

Zhao Sheng Law Firm‘s integrated data protection department benefits from its joint operation with Linklaters, allowing it to address an array of cybersecurity and data protection issues for clients in the TMT sector. Colette Pan leads the team and handles data protection matters arising out of cross-border M&A transactions and private equity investments. Associate Roger Li is a further name to note.

Practice head(s):

Colette Pan

Other key lawyers:

Roger Li

Key clients


Asia Securities Industry & Financial Markets Association

Work highlights

  • Advised ASIFMA in preparing responses to consultation papers on draft rules including the Measures for the Security Assessment of Outbound Data.
  • Advised Elex on a broad range of GDPR compliance, privacy-by-design, age-appropriate design and other data protection regulatory issues.
  • Advised on a long-standing client on implementation of the new Personal Information Protection Law (PIPL) across each of its digital pathways.