Data Compliance Practice Guide (China & Singapore Chapter) 
Asian Business Law Institute and Shenzhen Data Exchange (September 2025)
Please contact abli_info@abli.asia for queries relating to this publication. 
This bilingual guide, jointly developed by the Asian Business Law Institute and the Shenzhen Data Exchange, is authored by a team of leading data protection experts with vast practical and cross-border experience in China and Singapore. It provides a clear and practical framework to guide businesses to navigate relevant compliance requirements in the two countries, offering insights on key legal obligations, tailored best practices and actual case studies.
Written for businesses expanding across borders, the guide will be a valuable assistant to support companies in expanding confidently in the digital economy while managing risks and ensuring compliance.
Table of Content 
China Chapter
Chapter 1 Overview and User Guide (pp 12)
Introduction: The Context of China–Singapore Digital Cooperation and the Value of the Guide 
China’s Practical Framework and Compliance Logic for Data Governance
Guidelines for Use and Practical Tools
Chapter II Regulatory System and Departmental Responsibilities (pp 23)
Cyberspace Administration of China (CAC) 
Ministry of Industry and Information Technology (MIIT) 
Public Security Authorities
Market Regulation Authorities 
Industry Regulators and Other Authorities 
National Data Security Coordination Mechanism
Chapter III Compliance Requirements for Data Processing Entities (PP 31)
Organizational Structure 
Policy Development and Personnel Management 
Data Classification and Grading 
Management of External Partners 
Risk Assessment Mechanisms 
Security Incident Response and Handling 
Chapter IV. Compliance Management Standards for Data Subject Matter (PP 46)
Common Requirements for General Data
Important Data 
Personal Information
Public Data
Special Industry Data 
Chapter V: Compliance Paths for Cross-Border Data Flow (PP 118)
Path Selection for Outbound Data Flow 
Requirements for Data Processors in Outbound Data Flow 
Localization Data Storage Requirements 
Chapter VI: Good Compliance Practice Guidelines (PP 152)
Data Protection and Compliance Guide: Frequently Asked Questions (PP 164)
Annex 1: Glossary (PP 175)
Singapore Chapter
Introduction (PP 5)
Purpose of the Guide 
Overview of the Singapore Data Regulatory Regime
Understanding the PDPA framework (PP 6)
Scope and Applicability
Key Principles of the PDPA 
Key Compliance Obligations (PP 12)
Data Protection Officer: Qualifications and Responsibilities 
Obtaining Consent for Processing and Marketing 
Data Management Policies 
Data Breach Management
Data Processing and Cross-Border Transfers 
Enforcement and Penalties (PP 23)
Investigation powers of the PDPC 
Power to issue directions to secure compliance 
Financial Penalties 
Voluntary Undertakings 
Practical steps for Compliance (PP 25)
Challenges and Practical Solutions for Small Businesses 
Challenges and Practical Solutions for Large Corporations 
Specific Challenges for Chinese Companies (PP 28)
Appendices (PP 30)
Sample Checklists 
Sample templates (e.g., sample consent forms or sample clauses)