The regulatory landscape is increasingly complex and developing, creating compliance challenges. Risks can be hard to identify. Ensuring proportionate and timely risk mitigation, focused on the most pressing risks can be a tricky path to chart.

Our service gives you a clear picture of the regulatory environment and how it applies to your business. Alongside that we deliver prioritised risk management strategies.

We provide a clear understanding of how to implementation compliance measures in the short and medium term as well as long term management of the issues. This will protect your business from non-compliance issues.

Generally, our clients come to us when there is a new regulatory framework released, for example, GDPR or the Personal Information Protection Law. Or when new commercial activity triggers the need to review regulatory compliance.

To create a bespoke solution for your business, we take our clients through the following process:

Case study 1

A global children’s games and entertainment company seeking to be compliant with China’s data regulatory framework across multiple entities

Client’s challenge

The client owned multiple different business in China, each with their own operations. Alongside this, they worked with a number of partners in China. All parties needed to be compliant with the complex data regulatory framework in China. This included the need to transfer data between entities and cross-border.

Our approach

Using our project-based approach, we took the client through the following steps:

• Built understanding: Delivered Personal Information Protection Law (PIPL) training to legal and business teams.
• Identified the risks: Delivered PIPL Risk Rating and Compliance Action Plan, including analysis of data collection and data flows across entities. Following new cross-border regulations and the client’s updated commercial strategy, we repeated the compliance review and updated the Action Plan.
• Supported risk mitigation: Created overarching workplan to prioritise actions, workloads and facilitate communication with the wider business. Delivered updated privacy notices.

Impact of our work

The client understood all of the actions required to deliver compliance across their whole operation. They were able to prioritise their efforts based on the risk levels for non-compliance with different regulations. The framework also provided an approach for managing future data risk within business operations.

With the full picture, the Legal teams could get buy-in from the wider business about the importance of undertaking rectification and the investment required.

Case study 2

Digital Strategy Implementation​

Client’s challenge

The digital media regulatory landscape in China is complex and highly regulated. By implementing their global strategy in China, our client was seeking to generate and utilise more online and digital content. However, the highly regulated landscape in China brings a risk of strong and targeted action for non-compliance. Our client approached us to provide support on issues which ranged from decisions to inform successful strategy implementation through to day-to-day compliance. ​

Our approach

As the regulatory landscape for content production and distribution in China is complex and multifaceted, we provided an overview to identify the key risks to strategy delivery and options to overcome them. This also informed partnerships with third parties which were essential for delivery. When developing the content, we advised our client on censorship and marketing regulation, including advertising to and engaging minors in gaming promotions. Data privacy and protection was a key concern but our Digital Channel Risk Assessment and Rectification Plan ensured adherence with the Personal Information Protection Law (China’s equivalent of GDPR).

Impact of our work

With our support, our client was able to effectively implement their strategy whilst avoiding any risks which would damage brand reputation.

Case study 3

Maximising IP protection and data law compliance

Client’s challenge

When selling cutting edge technologies in China, ensuring effective IP protection is key to maintaining competitive advantage. In addition, the unique and complex regulatory landscape means care must be taken to avoid any concealed pitfalls. Therefore, when our client was launching a new Internet of Things (IoT) solution to monitor the performance of its industrial air purification products, they approached us.

Our approach

Our IP protection gap analysis enabled the client to strengthen protection for their core IoT/Software as a Solution (SaaS) technology and source code. Drawing on industry best practice, we recommended enhancements to the business structure and relationships with third parties to create additional control mechanisms for their IP. Data management and cross-border data flows was a specific regulatory concern. To minimise any risks, we undertook a data compliance risk assessment and developed a rectification plan. This included making recommendations on reducing cross-border transfer without impacting business operations, as well as strengthening contractual arrangements with third parties.

Impact of our work

As a result, our client was able to mitigate the IP and regulatory risks and roll out their new product with confidence.