Kangda Law Firm | View firm profile
Amid an unprecedented digital wave engulfing all industries, the financial sector is increasingly relying on the use of data to drive innovation and market expansion. Consequently, data compliance issues are becoming increasingly prominent, especially for data-intensive enterprises, and constructing a scientific and effective data compliance plan is crucial. This article explores key elements and strategies for financial data compliance by examining a real-world case, and aims to provide valuable references for businesses.
Case study
A leading domestic medical device data service provider integrates extensive industry data resources including existing market data, tender data and third-party data, and utilises big data and artificial intelligence technologies to generate high-quality alternative data for the financial sector.
This data significantly enhances the accuracy of credit evaluations and loan efficiency, and reduces financial service costs for medical device companies, fostering innovation and development in financial services.
However, the enterprise faces multiple challenges including the legality of data sources (whether it involves public or personal data), data asset ownership, data usage authorisation and its authorisation chains, the legal application of web scraping technologies, data security protection, and cross-border data transmission. These are critical areas of focus for data compliance and integration processes.
Data compliance measures
The enterprise has established a comprehensive data asset compliance mechanism covering data sourcing, collection, processing, operation, management and protection. This framework is built on the identification and cataloguing of data assets, aligning with a compliance system for data asset registration. The specific measures include:
Adhering to policies and regulations. Understand the privacy regulations and data protection laws of the countries and regions involved in the business. Regularly review and update compliance policies to ensure alignment with the latest regulations.
Establishing compliance plans. Address issues of data ownership, authorisation and authorisation chains to clear hurdles for compliance and lay the foundation for data compliance.
Building a data asset system. The enterprise has developed a data asset system centred around the Data Asset Confirmation Work Guidelines, utilising data primarily sourced from public and third-party entities.
- Sort existing data resource environment information, file systems and databases to create a data asset inventory system. Develop compliance management systems for different data collection methods and data types, focusing on the Data Classification and Grading Management System and the Web Scraping Compliance System (WSCS). WSCS strictly limits the scope and methods of technology use, adhering to the principle of no operation or collection without authorisation.
Data involving others’ intellectual property, trade secrets or non-public personal information should not be collected without consent. When purchasing data from other providers, establish a data acquisition commitment system requiring providers to ensure all data subjects have legally authorised the data and no rights are infringed.
- Clarify the responsibilities and collaboration among departments. The data production department assists the data management department in ensuring data resources meet the expected value inflow and reliable measurement conditions before assessing the cost of data assets.
Once data assets are confirmed, the finance department is responsible for archival management, utilising registration cards for record keeping. The data governance department, serving as the data compliance management department, is tasked with supervising and evaluating the management of data resources and implementing data quality governance.
Protecting data security. Use advanced encryption technologies to protect data during storage and transmission, preventing data breaches and unauthorised access. Implement strict access control and permission management strategies to ensure only authorised personnel can access sensitive data. Establish regular data backup mechanisms and periodically test backup data recoverability to prevent data loss.
Conducting regular risk assessments. Identify potential internal and external risks, such as data breaches and system failures. Develop and implement corresponding risk response strategies such as emergency response plans.
Compliance training. Help employees understand and follow compliance policies and regulations, enhancing data security awareness and reducing the risk of data breaches.
Regular internal audits. Check the implementation of compliance and risk management measures. Monitor systems and networks in real time to promptly detect and respond to any abnormal activities or potential threats.
Partnering with data security-conscious partners. Clearly define data protection and compliance requirements in contracts, ensuring partners adhere to the same standards.
Efficiently and securely applying data while ensuring compliance is a pressing issue for data-intensive enterprises facing complex legal environments and evolving technological challenges. Data compliance is a critical component of corporate legal risk management and enterprises must develop a comprehensive data compliance management system that addresses the above-mentioned aspects.
Zhong Yu
Senior Partner
Kangda Law Firm
E-mail: [email protected]
Liang Shuyi
Associate
Kangda Law Firm
E-mail: [email protected]