Data Compliance Practice Guide (China & Singapore Chapter)
Asian Business Law Institute and Shenzhen Data Exchange (September 2025)
Please contact abli_info@abli.asia for queries relating to this publication.
This bilingual guide, jointly developed by the Asian Business Law Institute and the Shenzhen Data Exchange, is authored by a team of leading data protection experts with vast practical and cross-border experience in China and Singapore. It provides a clear and practical framework to guide businesses to navigate relevant compliance requirements in the two countries, offering insights on key legal obligations, tailored best practices and actual case studies.
Written for businesses expanding across borders, the guide will be a valuable assistant to support companies in expanding confidently in the digital economy while managing risks and ensuring compliance.
Table of Content
China Chapter
Chapter 1 Overview and User Guide (pp 12)
Introduction: The Context of China–Singapore Digital Cooperation and the Value of the Guide
China’s Practical Framework and Compliance Logic for Data Governance
Guidelines for Use and Practical Tools
Chapter II Regulatory System and Departmental Responsibilities (pp 23)
Cyberspace Administration of China (CAC)
Ministry of Industry and Information Technology (MIIT)
Public Security Authorities
Market Regulation Authorities
Industry Regulators and Other Authorities
National Data Security Coordination Mechanism
Chapter III Compliance Requirements for Data Processing Entities (PP 31)
Organizational Structure
Policy Development and Personnel Management
Data Classification and Grading
Management of External Partners
Risk Assessment Mechanisms
Security Incident Response and Handling
Chapter IV. Compliance Management Standards for Data Subject Matter (PP 46)
Common Requirements for General Data
Important Data
Personal Information
Public Data
Special Industry Data
Chapter V: Compliance Paths for Cross-Border Data Flow (PP 118)
Path Selection for Outbound Data Flow
Requirements for Data Processors in Outbound Data Flow
Localization Data Storage Requirements
Chapter VI: Good Compliance Practice Guidelines (PP 152)
Data Protection and Compliance Guide: Frequently Asked Questions (PP 164)
Annex 1: Glossary (PP 175)
Singapore Chapter
Introduction (PP 5)
Purpose of the Guide
Overview of the Singapore Data Regulatory Regime
Understanding the PDPA framework (PP 6)
Scope and Applicability
Key Principles of the PDPA
Key Compliance Obligations (PP 12)
Data Protection Officer: Qualifications and Responsibilities
Obtaining Consent for Processing and Marketing
Data Management Policies
Data Breach Management
Data Processing and Cross-Border Transfers
Enforcement and Penalties (PP 23)
Investigation powers of the PDPC
Power to issue directions to secure compliance
Financial Penalties
Voluntary Undertakings
Practical steps for Compliance (PP 25)
Challenges and Practical Solutions for Small Businesses
Challenges and Practical Solutions for Large Corporations
Specific Challenges for Chinese Companies (PP 28)
Appendices (PP 30)
Sample Checklists
Sample templates (e.g., sample consent forms or sample clauses)